Vulnerability Bulletins |
Ejecución de código remoto en Microsoft Project |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft Project 2000 Service Release 1 Microsoft Project 2002 SP1 Microsoft Project 2003 SP2 |
Description |
|
|
Se ha descubierto una vulnerabilidad en Microsoft Project 2000 Service Release 1, 2002 SP1, y 2003 SP2. La vulnerabilidad reside en un error al validar la asignación de recursos de memoria al abrir ficheros "Project". Un atacante remoto podría ejecutar código arbitrario mediante un fichero "Project" especialmente diseñado. |
|
Solution |
|
|
Actualización de software Microsoft (MS08-018) Microsoft Project 2000 Service Release 1 / patch Project2000-kb949043-fullfile-enu Microsoft Project 2002 SP1 / patch Project2002-kb949005-fullfile-enu Microsoft Project 2003 SP2 / patch Project2003-KB948962-FullFile-ENU http://www.microsoft.com/downloads |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2008-1088 |
| BID | 28607 |
Other resources |
|
|
Microsoft Security Bulletin (MS08-018) http://www.microsoft.com/technet/security/Bulletin/MS08-018.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2008-04-10 |