Vulnerability Bulletins |
Ejecución remota de código en License Logging en Microsoft Windows |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft Windows NT Server 4.0 Service Pack 6a Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 Microsoft Windows 2000 Server Service Pack 3 Microsoft Windows 2000 Server Service Pack 4 Microsoft Windows Server 2003 Microsoft Windows Server 2003 Itanium-based Systems |
Description |
|
|
Se ha descubierto una vulnerabilidad en el servicio License Logging de Microsoft Windows NT, 2000 y 2003. La vulnerabilidad reside en que no se valida correctamente la longitud de la entrada. La explotación de esta vulnerabilidad podría permitir a un atacante remoto ejecutar código arbitrario o provocar una situación de denegación de servicio. |
|
Solution |
|
|
Software update Microsoft Microsoft Windows NT Server 4.0 Service Pack 6a http://www.microsoft.com/downloads/details.aspx?FamilyId=817FDC2D-AEE2-4FAF-908B-197B65A471F2 Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 http://www.microsoft.com/downloads/details.aspx?FamilyId=F7B0934C-3049-4B01-956A-B116F69A667E Microsoft Windows 2000 Server Service Pack 3 Microsoft Windows 2000 Server Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=E9983AA2-2CEC-4B62-80D6-8E966A83A5D1 Microsoft Windows Server 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=06EAF8E3-CCB7-482B-8B68-340521150113 Microsoft Windows Server 2003 Itanium-based Systems http://www.microsoft.com/downloads/details.aspx?FamilyId=EC25EC00-9C08-4555-94C7-21D5A521FDB6 |
|
Standar resources |
|
| Property | Value |
| CVE | CAN-2005-0050 |
| BID | |
Other resources |
|
|
Microsoft Security Bulletin MS05-010 http://www.microsoft.com/technet/security/Bulletin/MS05-010.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2005-02-09 |