Vulnerability Bulletins |
Ejecución de código en Microsoft Agent |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP Service Pack 2 Microsoft Windows XP Professional x64 Edition Microsoft Windows XP Professional x64 Edition Service Pack 2 Microsoft Windows Server 2003 Microsoft Windows Server 2003 Service Pack 1 Microsoft Server 2003 Service Pack 2 Microsoft Windows Server 2003 x64 Edition Service Pack 1 Microsoft Windows Server 2003 x64 Edition Service Pack 2 Microsoft Windows Server 2003 / Itanium-based Systems Microsoft Windows Server 2003 SP1 / Itanium-based Systems Microsoft Windows Server 2003 SP2 / Itanium-based Systems |
Description |
|
|
Se ha descubierto una vulnerabilidad en Windows 2000 SP4, XP SP2 y en Server 2003, 2003 SP1 y en 2003 SP2. La vulnerabilidad reside en un error en Microsoft Agent (msagent\agentsvr.exe). Un atacante remoto podría ejecutar código arbitrario mediante URLs especialmente construidas que provocarían una corrupción de memoria. |
|
Solution |
|
|
Actualización de software Microsoft Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=49dc470b-64e2-47ec-be90-622b407c7751 Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=e16ededa-6e8c-40d6-a3c0-d61362411acc Microsoft Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=23909036-898f-41af-a3de-4a899a15d25d Microsoft Windows XP Professional x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=23909036-898f-41af-a3de-4a899a15d25d Microsoft Windows Server 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=281f10d2-d754-44cd-8318-9ce94b8d01b4 Microsoft Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=281f10d2-d754-44cd-8318-9ce94b8d01b4 Microsoft Server 2003 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=50469b54-b6ff-46ed-b2bc-3b00b0984e1e Microsoft Windows Server 2003 x64 Edition Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=50469b54-b6ff-46ed-b2bc-3b00b0984e1e Microsoft Windows Server 2003 x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=50469b54-b6ff-46ed-b2bc-3b00b0984e1e Microsoft Windows Server 2003 / Itanium-based Systems http://www.microsoft.com/downloads/details.aspx?FamilyId=883660ca-e976-460f-8e50-c19d1b02b42f Microsoft Windows Server 2003 SP1 / Itanium-based Systems http://www.microsoft.com/downloads/details.aspx?FamilyId=883660ca-e976-460f-8e50-c19d1b02b42f Microsoft Windows Server 2003 SP2 / Itanium-based Systems http://www.microsoft.com/downloads/details.aspx?FamilyId=883660ca-e976-460f-8e50-c19d1b02b42f |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2007-1205 |
| BID | |
Other resources |
|
|
Microsoft Security Bulletin MS07-020 http://www.microsoft.com/technet/security/bulletin/ms07-020.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2007-04-12 |