Vulnerability Bulletins |
Ejecución remota de código en Microsoft Office |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Obtener acceso |
Dificulty | Experto |
Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
Property | Value |
Affected manufacturer | Microsoft |
Affected software |
Microsoft Office 2000 Service Pack 3 Microsoft Office XP Service Pack 3 Microsoft Office 2003 Service Pack 2 2007 Microsoft Office System Microsoft Office 2004 Mac |
Description |
|
Se ha descubierto una vulnerabilidad en Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 para Mac y en 2007. La vulnerabilidad reside en un error no especificado en la librería MSO.dll. Un atacante remoto podría ejecutar código arbitrario mediante un objeto especialmente construido que provocase una corrupción de memoria. El boletín MS08-016 sustituye al MS07-025. |
|
Solution |
|
Actualización de software Microsoft Microsoft Office 2000 Service Pack 3 http://www.microsoft.com/downloads/details.aspx?FamilyId=A693C271-4B94-4541-953A-0A2DB4587B23 Microsoft Office XP Service Pack 3 http://www.microsoft.com/downloads/details.aspx?FamilyId=CB291AD9-348A-4C28-BEC7-53D2F35D0B72 Microsoft Office 2003 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=819857CC-3777-4E4A-9CC3-685FC079A254 2007 Microsoft Office System http://www.microsoft.com/downloads/details.aspx?FamilyId=A3DC8E3F-90DD-4D0C-88B8-2EC88FF3A588 Microsoft Office 2004 Mac http://www.microsoft.com/mac |
|
Standar resources |
|
Property | Value |
CVE | CVE-2007-1747 |
BID | 23826 |
Other resources |
|
Microsoft Security Bulletin (MS07-025) http://www.microsoft.com/technet/security/bulletin/ms07-025.mspx Microsoft Security Bulletin (MS08-016) http://www.microsoft.com/technet/security/bulletin/MS08-016.mspx |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2007-05-10 |
1.1 | Aviso emitido por Microsoft (MS08-016). Descripción actualizada. | 2008-03-12 |