Vulnerability Bulletins |
Arbitrary code execution in OLE Automation |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Gain access |
Difficulty | Expert |
Required attacker level | Remote access without an account to a standard service |
System information |
|
Property | Value |
Affected manufacturer | Microsoft |
Affected software |
Windows 2000 SP4, Windows XP SP2, Windows XP Professional x64 Edition, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP1, Windows Server 2003 SP2, Windows Server 2003 x64 Edition, Windows Server 2003 x64 Edition SP2, Windows Server 2003 for Itanium SP1, Windows Server 2003 for Itanium SP2, Microsoft Office 2004 for Mac, Microsoft Visual Basic 6.0 SP6 |
Description |
|
An integer overflow vulnerability has been found in OLE Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, in Office 2004 for Mac and in Visual Basic 6.0. The vulnerability lies in an error in the substringdata method of a TextNode object. A remote attacker could execute arbitrary code. Bulletin MS08-008 supersedes MS07-043. |
|
Solution |
|
Software update
Microsoft Windows 2000 SP4 / patch Windows2000-KB921503-x86-enu
Windows XP SP2 / patch WindowsXP-KB921503-x86-enu
Windows XP Professional x64 Edition / patch WindowsServer2003.WindowsXP-KB921503-x64-enu
Windows Server 2003 / patch WindowsServer2003-KB921503-x86-enu
Windows Server 2003 x64 Edition / patch WindowsServer2003.WindowsXP-KB921503-x64-enu
Windows Server 2003 Itanium / patch WindowsServer2003-KB921503-ia64-enu
Visual Basic 6.0 / patch VB6-KB924053-x86-enu |
|
Standard resources |
|
Property | Value |
CVE | CVE-2007-2224 |
BID | 25282 |
Other resources |
|
Microsoft Security Bulletin (MS07-043) http://www.microsoft.com/technet/security/Bulletin/MS07-043.mspx
Microsoft Security Bulletin (MS08-008) http://www.microsoft.com/technet/security/bulletin/ms08-008.mspx |
Version history |
||
Version | Comments | Date |
1.0 | Advisory issued | 2007-08-16 |
1.1 | Advisory issued by Microsoft (MS08-008). Description updated. | 2008-02-13 |