Vulnerability Bulletins |
Vulnerabilidad en el servicio de Telefonía de Microsoft Windows |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Principiante |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP Service Pack 1 Microsoft Windows XP Service Pack 2 Microsoft Windows XP Professional x64 Edition Microsoft Windows Server 2003 Microsoft Windows Server 2003 Service Pack 1 Microsoft Windows Server 2003 Itanium-based Systems Microsoft Windows Server 2003 SP1 Itanium-based Systems Microsoft Windows Server 2003 x64 Edition Microsoft Windows 98 Microsoft Windows 98 Second Edition (SE) Microsoft Windows Millennium Edition (ME) |
Description |
|
|
Se ha descubierto una vulnerabilidad en el servicio de Telefonía de múltiples versiones del sistema operativo Microsoft Windows. La vulnerabilidad reside en la API del servicio de Telefonía (TAPI), concretamente en el proceso que se utiliza para validar datos y permisos. La explotación de esta vulnerabilidad podría permitir a un atacante remoto ejecutar código arbitrario o a un atacante local obtener un aumento de privilegios. |
|
Solution |
|
|
Actualización de software Microsoft Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=C7417EA1-7AFC-4A55-95DC-E814975B8AE6 Microsoft Windows XP Service Pack 1 Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=B049004B-AF28-41D7-8AE6-7A3DB15211F1 Microsoft Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=705545D0-B53B-4E17-8B62-A4C652697C61 Microsoft Windows Server 2003 Microsoft Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=0097FE14-1D6B-4423-A437-DEA1ED665A07 Microsoft Windows Server 2003 Itanium-based Systems Microsoft Windows Server 2003 SP1 Itanium-based Systems http://www.microsoft.com/downloads/details.aspx?FamilyId=BC16BEAE-0BAD-490C-A80F-4BF81C360CA0 Microsoft Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=0CEF9CC2-A7BD-42E0-81B1-EDC303DA8A40 |
|
Standar resources |
|
| Property | Value |
| CVE | CAN-2005-0058 |
| BID | |
Other resources |
|
|
Microsoft Security Bulletin MS05-040 http://www.microsoft.com/technet/security/Bulletin/MS05-040.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2005-08-11 |
| 2.0 | Exploit público disponible | 2006-04-19 |