int(1646)

Vulnerability Bulletins


Desbordamiento de búfer en el componente Web Client Service de Microsoft Windows

Vulnerability classification

Property Value
Confidence level Oficial
Impact Compromiso Root
Dificulty Experto
Required attacker level Acceso remoto con cuenta

System information

Property Value
Affected manufacturer Microsoft
Affected software Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Itanium-based Systems

Description

Se ha descubierto una vulnerabilidad de desbordamiento de búfer en el sistema operativo Microsoft Windows. La vulnerabilidad reside en el procesado de peticiones Web Client.

La explotación de esta vulnerabilidad podría permitir a un atacante remoto autenticado ejecutar código arbitrario con privilegios administrativos.

Solution



Actualización de software

Microsoft
Microsoft Windows XP Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=91488DDD-1D7E-4277-916A-D5F2EE0B6327
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
http://www.microsoft.com/downloads/details.aspx?FamilyId=1DC37A74-BF1E-4AFE-8198-D5CA460A3872
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
http://www.microsoft.com/downloads/details.aspx?FamilyId=2024382A-14A9-4231-8835-E2720C562190
Microsoft Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=B7097610-8AAB-4A2F-94C9-18D32E1C297C
Microsoft Windows Server 2003 Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?FamilyId=2024382A-14A9-4231-8835-E2720C562190

Standar resources

Property Value
CVE CAN-2005-1207
BID

Other resources

Microsoft Security Bulletin MS05-028
http://www.microsoft.com/technet/security/Bulletin/MS05-028.mspx

Version history

Version Comments Date
1.0 Aviso emitido 2005-06-15
Ministerio de Defensa
CNI
CCN
CCN-CERT