Vulnerability Bulletins |
Desbordamiento de búfer en Microsoft Object Linking and Embedding (OLE) Automation |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft Windows 2000 SP4 Microsoft Windows XP SP2 Microsoft Windows Server 2003 SP1 y SP2 Microsoft Windows Vista Microsoft Office 2004 para Mac Microsoft Visual basic 6.0 SP6 HP Storage Management Appliance v2.1 |
Description |
|
|
Se ha descubierto una vulnerabilidad de tipo desbordamiento de búfer en Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 y SP2, Vista, Office 2004 para Mac, y Visual basic 6.0 SP6. La vulnerabilidad reside en un error en la comprobación de los límites en Object Linking and Embedding (OLE) Automation. Un atacante remoto podría ejecutar código arbitrario con los permisos del usuario registrado mediante un script de petición especialmente diseñado. El boletín MS08-008 sustituye al MS07-043. |
|
Solution |
|
|
Actualización de software Microsoft (MS08-008) Windows 2000 Service Pack 4 / patch Windows2000-KB943055-x86-enu Windows XP Service Pack 2 / patch WindowsXP-KB943055-x86-enu Windows XP Professional x64 Edition / patch WindowsServer2003.WindowsXP-KB943055-x64-enu Windows XP Professional x64 Edition Service Pack 2 / patch WindowsServer2003.WindowsXP-KB943055-x64-enu Windows Server 2003 Service Pack 1 / patch WindowsServer2003-KB943055-x86-enu Windows Server 2003 Service Pack 2 / patch WindowsServer2003-KB943055-x86-enu Windows Server 2003 x64 Edition / patch WindowsServer2003.WindowsXP-KB943055-x64-enu Windows Server 2003 x64 Edition Service Pack 2 / patch WindowsServer2003.WindowsXP-KB943055-x64-enu Windows Server 2003 with SP1 (Itanium) / patch WindowsServer2003-KB943055-ia64-enu Windows Server 2003 with SP2 (Itanium) /patch WindowsServer2003-KB943055-ia64-enu Windows Vista (32-bit) / patch Windows6.0-KB943055-x86 Windows Vista (x64) / patch Windows6.0-KB943055-x64 Visual Basic 6.0 SP6 / VB6-KB946235-x86-enu Microsoft Office 2004 para Mac 11.4.0 Update http://www.microsoft.com/mac/downloads.mspx?pid=Mactopia_Office2004&fid=632EC4B3-B998-4F22-B9D6-93C09C385479%20viewer Hewlett-Packard Storage Management Appliance v2.1 Instale el parche de Microsoft correspondiente a su sistema operativo. |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2007-0065 |
| BID | 27661 |
Other resources |
|
|
Microsoft Security Bulletin (MS08-008) http://www.microsoft.com/technet/security/bulletin/ms08-008.mspx HP SECURITY BULLETIN (HPSBST02314) https://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01372284-1 |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2008-02-13 |
| 1.1 | Aviso emitido por HP (HPSBST02314) | 2008-02-21 |