Vulnerability Bulletins |
Ejecución remota de código en Microsoft WordPad y Office Word 2003 |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft Windows 2000 SP4 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Office XP Microsoft Office 2003 |
Description |
|
|
Se ha descubierto una vulnerabilidad en Microsoft Office Word 2003 y Wordpad. La vulnerabilidad reside en un error en el parseo de documentos Word 97. Un atacante remoto podría ejecutar código arbitrario mediante un documento Word 97 especialmente diseñado. Este boletín sustituye al MS09-010 y MS09-024. |
|
Solution |
|
|
Actualización de software Microsoft (MS09-073) Windows 2000 SP4 / patch Windows2000-KB973904-x86-ENU Windows XP / patch Windowsxp-KB973904-x86-enu Windows XP x64 / patch WindowsServer2003.WindowsXP-KB973904-x64-enu Windows Server 2003 / patch Windowsserver2003-KB973904-x86-enu Windows Server 2003 x64 / patch Windowsserver2003.WindowsXP-KB973904-x64-enu Windows Server 2003 Itanium / patch Windowsserver2003-KB973904-ia64-enu Microsoft Office XP Service Pack 3 / patch officexp-KB975008-FullFile-ENU Microsoft Office 2003 Service Pack 3 / patch office2003-KB975051-FullFile-ENU http://www.microsoft.com/downloads |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2009-2506 |
| BID | |
Other resources |
|
|
Microsoft Security Bulletin (MS09-073) http://www.microsoft.com/technet/security/Bulletin/MS09-073.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2009-12-15 |