Vulnerability Bulletins |
Ejecución de código en Plug and Play |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft Windows XP Service Pack 2 Microsoft Windows XP Professional x64 Edition Microsoft Windows XP Professional x64 Edition Service Pack 2 |
Description |
|
|
Se ha encontrado una vulnerabilidad en el servicio universal de Plug and Play. La vulnerabilidad reside en un error cuando parsea una petición HTTP especialmente creada. Un atacante podría ejecutar código arbitrario mediante una petición HTTP especialmente diseñada. |
|
Solution |
|
|
Actualización de software Microsoft Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=ecf69778-91f9-498e-a8bd-35208aa93051 Microsoft Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=6ceb5b4f-861f-4f37-b4bc-e8a56382b833 Microsoft Windows XP Professional x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=6ceb5b4f-861f-4f37-b4bc-e8a56382b833 |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2007-1204 |
| BID | |
Other resources |
|
|
Microsoft Security Bulletin MS07-019 http://www.microsoft.com/technet/security/bulletin/ms07-019.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2007-04-11 |