Vulnerability Bulletins |
Desbordamiento de búfer en Microsoft Office XP |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Avanzado |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft Office XP Software Service Pack 3 Microsoft Office XP Software Service Pack 2 Microsoft Project 2002 Microsoft Visio 2002 Microsoft Works Suite 2002 Microsoft Works Suite 2003 Microsoft Works Suite 2004 |
Description |
|
|
Se ha descubierto una vulnerabilidad de desbordamiento de búfer en Microsoft Office XP. La vulnerabilidad reside en el manejo de las URL que contienen localizaciones de archivos. La explotación de esta vulnerabilidad podría permitir a un atacante remoto ejecutar código arbitrario mediante el uso de un enlace html especialmente diseñado que la víctima debe seguir. |
|
Solution |
|
|
Actualización de software Microsoft Microsoft Office XP Software Service Pack 3 http://www.microsoft.com/downloads/details.aspx?FamilyId=A0115BF8-5F80-43E9-BE28-24D344600D69 Microsoft Office XP Software Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=A0115BF8-5F80-43E9-BE28-24D344600D69 Microsoft Project 2002 http://www.microsoft.com/downloads/details.aspx?FamilyId=9FB0B8CC-593A-4955-9AF1-84AD2664E3AC Microsoft Visio 2002 http://www.microsoft.com/downloads/details.aspx?FamilyId=07EB60C3-D38A-4130-BC44-6C8511ECADB9 Microsoft Works Suite 2002 http://www.microsoft.com/downloads/details.aspx?FamilyId=A0115BF8-5F80-43E9-BE28-24D344600D69 Microsoft Works Suite 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=A0115BF8-5F80-43E9-BE28-24D344600D69 Microsoft Works Suite 2004 http://www.microsoft.com/downloads/details.aspx?FamilyId=A0115BF8-5F80-43E9-BE28-24D344600D69 |
|
Standar resources |
|
| Property | Value |
| CVE | CAN-2004-0848 |
| BID | |
Other resources |
|
|
Microsoft Security Bulletin MS05-005 http://www.microsoft.com/technet/security/Bulletin/MS05-005.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2005-02-09 |