Vulnerability Bulletins |
Ejecución de código arbitrario en Microsoft Word |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Principiante |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft Word 2000 Microsoft Word 2002 Microsoft Word 2003 Microsoft Word Viewer 2003 Microsoft Works Suite 2000 Microsoft Works Suite 2001 Microsoft Works Suite 2002 Microsoft Works Suite 2003 Microsoft Works Suite 2004 Microsoft Works Suite 2005 Microsoft Works Suite 2006 |
Description |
|
|
Se ha descubierto una vulnerabilidad en Microsoft Word 2002 y 2003. La vulnerabilidad reside en un error no especificado. Un atacante remoto podría ejecutar código arbitario mediante un fichero Word especialmente diseñado. Nota: esta vulnerabilidad está siendo explotada activamente. |
|
Solution |
|
|
Actualización de software Software update Microsoft Microsoft Word 2000 http://www.microsoft.com/downloads/details.aspx?FamilyId=507D97B5-8B20-41B2-AE8B-27F2BF5198CD Microsoft Word 2002 http://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C Microsoft Word 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=ADEA09B4-481A-4908-8B77-0630AC679CAC Microsoft Word Viewer 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=6089B843-61FF-469F-A38B-BD4FFEFF0552 Microsoft Works Suite 2000 http://www.microsoft.com/downloads/details.aspx?FamilyId=507D97B5-8B20-41B2-AE8B-27F2BF5198CD Microsoft Works Suite 2001 http://www.microsoft.com/downloads/details.aspx?FamilyId=507D97B5-8B20-41B2-AE8B-27F2BF5198CD Microsoft Works Suite 2002 http://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C Microsoft Works Suite 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C Microsoft Works Suite 2004 http://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C Microsoft Works Suite 2005 http://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C Microsoft Works Suite 2006 http://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2006-2492 |
| BID | |
Other resources |
|
|
Microsoft Security Advisory (919637) http://www.microsoft.com/technet/security/advisory/919637.mspx Microsoft Security Bulletin (MS06-027) http://www.microsoft.com/technet/security/Bulletin/MS06-027.mspx US-CERT (TA06-139A) http://www.us-cert.gov/cas/techalerts/TA06-139A.html Secunia Advisory (SA20153) http://secunia.com/advisories/20153/ Internet Storm Center (Handler's Diary May 18th 2006) http://isc.sans.org/diary.php?storyid=1345 |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2006-05-22 |
| 1.1 | Aviso emitido por Microsoft. CVE Añadido. CERT-VN añadido. | 2006-05-23 |
| 1.2 | Aviso emitido por Microsoft (MS06-027) | 2006-06-14 |