Vulnerability Bulletins |
Ejecución de código remoto en la API Win32 |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft Windows 2000 SP4 Microsoft Windows XP SP2 Windows XP Professional x64 Edition Windows XP Professional x64 Edition SP2 Windows Server 2003 SP1 Windows Server 2003 SP2 Windows Server 2003 x64 Edition Windows Server 2003 x64 Edition SP2 Windows Server 2003 Itanium SP1 Windows Server 2003 Itanium SP2 |
Description |
|
|
Se ha encontrado una vulnerabilidad en Microsoft Windows en las versiones 2000, XP SP2 y Server 2003 SP1 y SP2. La vulnerabilidad reside en un error en el modo en que la API Win32 valida los parámetros. Un atacante remoto podría ejecutar código arbitrario mediante unos determinados parámetros en una función no especificada. |
|
Solution |
|
|
Actualización de software Microsoft Windows 2000 Service Pack 4 / patch Windows2000-kb935839-x86-enu Windows XP SP2 / patch Windowsxp-kb935839-x86-enu Windows XP Professional x64 Edition / Windows XP Professional x64 Edition SP2 / patch Windowsserver2003-kb935839-x86-enu Windows Server 2003 SP1 / Windows Server 2003 SP2 / patch Windowsserver2003-kb935839-x86-enu Windows Server 2003 x64 Edition / Windows Server 2003 x64 Edition SP2 / patch Windowsserver2003-kb935839-x86-enu Windows Server 2003 Itanium SP1 / Windows Server 2003 Itanium SP2 / patch Windowsserver2003.windowsxp-kb935839-x64-enu |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2007-2219 |
| BID | |
Other resources |
|
|
Microsoft Security Bulletin MS07-035 http://www.microsoft.com/technet/security/Bulletin/MS07-035.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2007-06-14 |