Vulnerability Bulletins

int(3557)

Vulnerability Bulletins

Aumento de privilegios en Macrovision
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Aumento de privilegios
Dificulty	Experto
Required attacker level	Acceso remoto con cuenta
System information
Property	Value
Affected manufacturer	Microsoft
Affected software	Microsoft Windows XP SP2 Microsoft Windows XP Professional x64 Edition Microsoft Windows XP Professional x64 Edition SP2 Microsoft Windows Server 2003 SP1 Microsoft Windows Server 2003 SP1 for Itanium Microsoft Windows Server 2003 SP2 Microsoft Windows Server 2003 SP2 for Itanium Microsoft Windows Server 2003 x64 Edition Microsoft Windows Server 2003 x64 Edition SP2
Description
Se ha encontrado una vulnerabilidad del tipo desbordamiento de búfer en Macrovision. La vulnerabilidad reside en un error en el controlador secdrv.sys cuando procesa argumentos pasados por el usuario. Un atacante local podría sobrescribir zonas de memoria de forma arbitraria y aumentar sus privilegios mediante un argumento especialmente diseñado en un METHOD_NEITHER IOCTL.
Solution
Actualización de software Microsoft Macrovision - patch SECDRV.SYS http://www.macrovision.com/webdocuments/Downloads/SECDRVSYS.zip Microsoft (MS07-067) Windows XP Service Pack 2 / patch Windowsxp-kb944653-x86-enu.exe Windows XP Professional x64 Edition / patch WindowsServer2003.WindowsXP-kb944653-x64-enu.exe Windows XP Professional x64 Edition Service Pack 2 / patch WindowsServer2003.WindowsXP-kb944653-x64-enu.exe Windows Server 2003 / patch WindowsServer2003-KB944653-x86-ENU.exe Windows Server 2003 x64-based Edition / patch WindowsServer2003.WindowsXP-KB944653-x64-ENU.exe
Standar resources
Property	Value
CVE	CVE-2007-5587
BID	26121
Other resources
Microsoft Security Advisory (944653) http://www.microsoft.com/technet/security/advisory/944653.mspx Microsoft Security Bulletin MS07-067 http://www.microsoft.com/technet/security/bulletin/MS07-067.mspx

Version history
Version	Comments	Date
1.0	Aviso emitido	2007-11-06
1.1	Aviso emitido por Microsoft (MS07-067)	2007-12-13

Vulnerability Bulletins

Aumento de privilegios en Macrovision

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history