Vulnerability Bulletins |
Ejecución remota de código en Windows |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Avanzado |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft Windows 2000 Service Pack 3 Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP Service Pack 1 Microsoft Windows XP Service Pack 2 Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium) Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium) Microsoft Windows Server 2003 Microsoft Windows Server 2003 Itanium-based Systems Microsoft Windows 98 Microsoft Windows 98 Second Edition (SE) Microsoft Windows Millennium Edition (ME) |
Description |
|
|
Se ha descubierto una vulnerabilidad en múltiples versiones del sistema operativo Microsoft Windows. La vulnerabilidad reside en la forma en que Windows maneja los eventos "drag and drop". La explotación de esta vulnerabilidad podría permitir a un atacante remoto ejecutar código arbitrario mediante la construcción de una página Web especialmente diseñada que la víctima debe visualizar. |
|
Solution |
|
|
Actualización de software Microsoft Microsoft Windows 2000 Service Pack 3 Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=3B6A6CC1-CCE4-4462-A0D2-E88D38DEF807 Microsoft Windows XP Service Pack 1 Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=865B5D9D-FC5B-4F91-A860-2C35A025A907 Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium) http://www.microsoft.com/downloads/details.aspx?FamilyId=B6DAA99A-6E0B-477D-99E9-5237BCF57762 Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium) http://www.microsoft.com/downloads/details.aspx?FamilyId=9EE7FF53-20EC-4B75-A255-72DD0AB52FF3 Microsoft Windows Server 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=80AA33F4-E5B0-42A6-844B-F80D6168E25E Microsoft Windows Server 2003 Itanium-based Systems http://www.microsoft.com/downloads/details.aspx?FamilyId=9EE7FF53-20EC-4B75-A255-72DD0AB52FF3 |
|
Standar resources |
|
| Property | Value |
| CVE | CAN-2005-0053 |
| BID | |
Other resources |
|
|
Microsoft Security Bulletin MS05-008 http://www.microsoft.com/technet/security/Bulletin/MS05-008.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2005-02-09 |