Vulnerability Bulletins

int(1353)

Vulnerability Bulletins

Vulnerabilidad en Server Message Block en productos Microsoft
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Obtener acceso
Dificulty	Principiante
Required attacker level	Acceso remoto sin cuenta a un servicio estandar
System information
Property	Value
Affected manufacturer	Microsoft
Affected software	Microsoft Windows 2000 Service Pack 3 Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP Service Pack 1 Microsoft Windows XP Service Pack 2 Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium) Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium) Microsoft Windows Server 2003 Microsoft Windows Server 2003 Itanium-based Systems
Description
Se ha descubierto una vulnerabilidad en la implementación de SMB (Server Message Block) de Microsoft Windows 2000, XP y 2003. La vulnerabilidad reside en el proceso que valida los paquetes SMB de entrada. La explotación de esta vulnerabilidad podría permitir a un atacante remoto ejecutar código arbitrario mediante el envío de paquetes SMB especialmente diseñados.
Solution
Actualización de software Microsoft Microsoft Windows 2000 Service Pack 3 Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=656BDDA5-672B-4A6B-B192-24A2171C7355 Microsoft Windows XP Service Pack 1 Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=6DF9B2D9-B86E-4924-B677-978EC6B81B54 Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium) http://www.microsoft.com/downloads/details.aspx?FamilyId=E5043926-0B79-489B-8EA1-85512828C6F4 Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium) http://www.microsoft.com/downloads/details.aspx?FamilyId=8DA45DD0-882E-417C-A7F2-4AABAD675129 Microsoft Windows Server 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=1B703115-54C0-445C-B5CE-E9A53C45B36A Microsoft Windows Server 2003 Itanium-based Systems http://www.microsoft.com/downloads/details.aspx?FamilyId=8DA45DD0-882E-417C-A7F2-4AABAD675129
Standar resources
Property	Value
CVE	CAN-2005-0045
BID
Other resources
Microsoft Security Bulletin MS05-011 http://www.microsoft.com/technet/security/Bulletin/MS05-011.mspx eEye Security Advisory http://www.eeye.com/html/research/advisories/AD20050208.html

Version history
Version	Comments	Date
1.0	Aviso emitido	2005-02-09
2.0	Exploit público disponible	2005-06-27

Vulnerability Bulletins

Vulnerabilidad en Server Message Block en productos Microsoft

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history