
Vulnerability Bulletins


Arbitrary code execution in Microsoft Internet Explorer

Vulnerability classification

Property Value
Confidence level official+tested
Impact Gain access
Difficulty Beginner
Required attacker level Remote access without an account to a standard service

System information

Property Value
Affected manufacturer Microsoft
Affected software Microsoft Internet Explorer <= 6 SP2 6.0.2900.2180

Description

A vulnerability has been discovered in Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and earlier versions. The vulnerability lies in an error in handling the JavaScript "" event when calling the "window()" function.

A remote attacker could cause a denial of service or execute arbitrary code by means of a specially crafted web page that the victim would have to visit.

A public exploit is available.

Solution



Software update

Microsoft
Internet Explorer 5.01 SP4 / Microsoft Windows 2000 SP4
http://www.microsoft.com/downloads/details.aspx?FamilyId=4005B74A-D6E6-4A32-A3B1-276686B4A428
Internet Explorer 6 SP1 / Microsoft Windows 2000 SP4, Microsoft Windows XP SP1
http://www.microsoft.com/downloads/details.aspx?FamilyId=A8443CD2-D98D-427B-9F0E-BD7E19FCB994
Internet Explorer 6 / Microsoft Windows XP SP2
http://www.microsoft.com/downloads/details.aspx?FamilyId=E4B5BA57-D4F2-4798-9154-2869E371C9D1
Internet Explorer 6 / Microsoft Windows Server 2003, Microsoft Windows Server 2003 SP1
http://www.microsoft.com/downloads/details.aspx?FamilyId=9D70FB20-C7C9-43AF-A864-6DBC9A542CC6
Internet Explorer 6 / Microsoft Windows Server 2003 Itanium, Microsoft Windows Server 2003 SP1 Itanium
http://www.microsoft.com/downloads/details.aspx?FamilyId=1EE790B9-E596-4344-AEC3-FCB3289D7E9C
Internet Explorer 6 / Microsoft Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=8E9C23E5-7988-42DA-A8BD-2C1A534BF995
Internet Explorer 6 / Microsoft Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=E1652B4A-6339-4B31-8ACF-D2A844C24F70

Standard resources

Property Value
CVE CAN-2005-1790
BID

Other resources

Microsoft Security Advisory (911302)
http://www.microsoft.com/technet/security/advisory/911302.mspx

Microsoft Security Bulletin (MS05-054)
http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx

Version history

Version Comments Date
1.0 Advisory issued 2005-11-29
1.1 Advisory issued by Microsoft (MS05-054) 2005-12-13
Ministerio de Defensa
CNI
CCN
CCN-CERT