Vulnerability Bulletins |
Múltiples vulnerabilidades en Internet Explorer |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Internet Explorer 5.01 Service Pack 3 / Microsoft Windows 2000 Service Pack 3 Internet Explorer 5.01 Service Pack 4 / Microsoft Windows 2000 Service Pack 4 Internet Explorer 6 Service Pack 1 / Microsoft Windows 2000 Service Pack 3 Internet Explorer 6 Service Pack 1 / Microsoft Windows 2000 Service Pack 4 Internet Explorer 6 Service Pack 1 / Microsoft Windows XP Service Pack 1 Internet Explorer 6 / Microsoft Windows XP Service Pack 2 Internet Explorer 6 Service Pack 1 / Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium) Internet Explorer 6 / Microsoft Windows Server 2003 Internet Explorer 6 / Microsoft Windows Server 2003 Service Pack 1 Internet Explorer 6 / Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium) Internet Explorer 6 / Microsoft Windows Server 2003 Itanium-based Systems Internet Explorer 6 / Microsoft Windows Server 2003 SP1 Itanium-based Systems Internet Explorer 6 / Microsoft Windows Server 2003 x64 Edition Internet Explorer 6 / Microsoft Windows XP Professional x64 Edition Internet Explorer 5.5 Service Pack 2 / Microsoft Windows Millennium Edition Internet Explorer 6 Service Pack 1 / Microsoft Windows 98 Internet Explorer 6 Service Pack 1 / Microsoft Windows 98 SE Internet Explorer 6 Service Pack 1 / Microsoft Windows Millennium Edition |
Description |
|
|
Se han descubierto dos nuevas vulnerabilidades en Internet Explorer. Las vulnerabilidades son descritas a continuación: - CAN-2005-1211: Vulnerabilidad de desbordamiento de búfer en el manejo de imágenes PNG. La explotación de esta vulnerabilidad podría permitir a un atacante remoto ejecutar código arbitrario mediante un sitio Web o un e-mail especialmente diseñado que la víctima debe intentar visualizar. - CAN-2002-0648: Vulnerabilidad en el manejo de peticiones para mostrar contenido XML. La vulnerabilidad reside en que Internet Explorer no verifica si la fuente XML está redirigida. La explotación de esta vulnerabilidad podría permitir a un atacante remoto leer información XML de otro dominio de Internet Explorer mediante un sitio Web especialmente diseñado que la víctima debe visitar. |
|
Solution |
|
|
Actualización de software Microsoft Internet Explorer 5.01 Service Pack 3 / Microsoft Windows 2000 Service Pack 3 http://www.microsoft.com/downloads/details.aspx?FamilyId=5F577A83-67C6-45AE-B5C5-10D7C7FFA3D3 Internet Explorer 5.01 Service Pack 4 / Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=703859AF-CDD5-4348-8916-472A3FDF8667 Internet Explorer 6 Service Pack 1 / Microsoft Windows 2000 Service Pack 3 Internet Explorer 6 Service Pack 1 / Microsoft Windows 2000 Service Pack 4 Internet Explorer 6 Service Pack 1 / Microsoft Windows XP Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=A1809B9B-9B0F-4A9C-84A5-56B774920313 Internet Explorer 6 / Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=36EC67CA-94F6-4E55-ADCD-4406A3D6AADE Internet Explorer 6 Service Pack 1 / Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium) http://www.microsoft.com/downloads/details.aspx?FamilyId=6AAE593C-8FFD-443F-B9AC-3F9F0F20A2EB Internet Explorer 6 / Microsoft Windows Server 2003 Internet Explorer 6 / Microsoft Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=2C58B8F7-4F2D-44DA-80EF-B83667B5AFD7 Internet Explorer 6 / Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium) Internet Explorer 6 / Microsoft Windows Server 2003 Itanium-based Systems Internet Explorer 6 / Microsoft Windows Server 2003 SP1 Itanium-based Systems http://www.microsoft.com/downloads/details.aspx?FamilyId=77E601E9-4EED-4671-8F3E-AD58A1E88041 Internet Explorer 6 / Microsoft Windows Server 2003 x64 Edition Internet Explorer 6 / Microsoft Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=1A7087F1-3AF2-4B33-9F04-6159FAA34C31 |
|
Standar resources |
|
| Property | Value |
| CVE |
CAN-2005-1211 CAN-2002-0648 |
| BID | |
Other resources |
|
|
Microsoft Security Bulletin MS05-025 http://www.microsoft.com/technet/security/Bulletin/MS05-025.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2005-06-15 |