Vulnerability Bulletins |
Desbordamiento de búfer en HyperTerminal |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Obtener acceso |
Dificulty | Avanzado |
Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
Property | Value |
Affected manufacturer | Microsoft |
Affected software |
Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Professional Microsoft Windows 2000 Server Microsoft Windows NT 4.0 Server Microsoft Windows NT 4.0 Server, Terminal Server Edition Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Web Edition Microsoft Windows XP Home Edition Microsoft Windows XP Professional |
Description |
|
La aplicación HyperTerminal para Windows NT 4.0, Windows 2000, Windows XP y Windows Server 2003 no valida correctamente la longitud de un valor almacenado en ficheros de sesión. Esto podría permitir a un atacante remoto ejecutar código arbitrario mediante un archivo de sesión HyperTerminal (.ht) malicioso , un sitio web, o una URL de Telnet dentro de un mensaje de e-mail, propiciando un desbordamiento de búfer. |
|
Solution |
|
Actualización de software Microsoft Windows Microsoft Windows NT Server 4.0 Service Pack 6a http://www.microsoft.com/downloads/details.aspx?displaylang=es&FamilyID=4c87af7b-0ee5-4761-ad58-3698d39b62be Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 http://www.microsoft.com/downloads/details.aspx?displaylang=es&FamilyID=d9f22fa6-1c9b-442a-ba6f-7584db61c9c2 Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?displaylang=es&FamilyID=da3dd6c9-db7e-40a6-afd0-5ed87c42190d Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?displaylang=es&FamilyID=96bbd220-5e2a-43ad-b8b7-54ec608bd8be Microsoft Windows XP 64-Bit Edition Service Pack 1 (Inglés) http://www.microsoft.com/downloads/details.aspx?familyid=4970DA24-8C3B-4D99-8F89-13E8AF2E4382&displaylang=en Microsoft Windows XP 64-Bit Edition Version 2003 (Inglés) http://www.microsoft.com/downloads/details.aspx?familyid=06662D6D-E397-40F7-A7A6-9330FBA17EBF&displaylang=en Microsoft Windows Server 2003 http://www.microsoft.com/downloads/details.aspx?displaylang=es&FamilyID=3a36e94b-a39f-4b56-8a2d-42f1089dd158 Microsoft Windows Server 2003 64-Bit Edition (Inglés) http://www.microsoft.com/downloads/details.aspx?familyid=06662D6D-E397-40F7-A7A6-9330FBA17EBF&displaylang=en |
|
Standar resources |
|
Property | Value |
CVE | CAN-2004-0568 |
BID | |
Other resources |
|
Microsoft Security Bulletin MS04-043 http://www.microsoft.com/technet/security/bulletin/ms04-043.mspx |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2004-12-15 |