Vulnerability Bulletins |
Aumento de privilegios en Macrovision |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Aumento de privilegios |
Dificulty | Experto |
Required attacker level | Acceso remoto con cuenta |
System information |
|
Property | Value |
Affected manufacturer | Microsoft |
Affected software |
Microsoft Windows XP SP2 Microsoft Windows XP Professional x64 Edition Microsoft Windows XP Professional x64 Edition SP2 Microsoft Windows Server 2003 SP1 Microsoft Windows Server 2003 SP1 for Itanium Microsoft Windows Server 2003 SP2 Microsoft Windows Server 2003 SP2 for Itanium Microsoft Windows Server 2003 x64 Edition Microsoft Windows Server 2003 x64 Edition SP2 |
Description |
|
Se ha encontrado una vulnerabilidad del tipo desbordamiento de búfer en Macrovision. La vulnerabilidad reside en un error en el controlador secdrv.sys cuando procesa argumentos pasados por el usuario. Un atacante local podría sobrescribir zonas de memoria de forma arbitraria y aumentar sus privilegios mediante un argumento especialmente diseñado en un METHOD_NEITHER IOCTL. |
|
Solution |
|
Actualización de software Microsoft Macrovision - patch SECDRV.SYS http://www.macrovision.com/webdocuments/Downloads/SECDRVSYS.zip Microsoft (MS07-067) Windows XP Service Pack 2 / patch Windowsxp-kb944653-x86-enu.exe Windows XP Professional x64 Edition / patch WindowsServer2003.WindowsXP-kb944653-x64-enu.exe Windows XP Professional x64 Edition Service Pack 2 / patch WindowsServer2003.WindowsXP-kb944653-x64-enu.exe Windows Server 2003 / patch WindowsServer2003-KB944653-x86-ENU.exe Windows Server 2003 x64-based Edition / patch WindowsServer2003.WindowsXP-KB944653-x64-ENU.exe |
|
Standar resources |
|
Property | Value |
CVE | CVE-2007-5587 |
BID | 26121 |
Other resources |
|
Microsoft Security Advisory (944653) http://www.microsoft.com/technet/security/advisory/944653.mspx Microsoft Security Bulletin MS07-067 http://www.microsoft.com/technet/security/bulletin/MS07-067.mspx |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2007-11-06 |
1.1 | Aviso emitido por Microsoft (MS07-067) | 2007-12-13 |