Vulnerability Bulletins |
Desbordamiento de búfer en Microsoft Windows Server service |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Principiante |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP Service Pack 1 Microsoft Windows XP Service Pack 2 Microsoft Windows XP Professional x64 Microsoft Windows Server 2003 Microsoft Windows Server 2003 SP1 Microsoft Windows Server 2003 Itanium Microsoft Windows Server 2003 SP1 Itanium Microsoft Windows Server 2003 x64 |
Description |
|
|
Se ha descubierto una vulnerabilidad de tipo desbordamiento de búfer en varias versiones de Microsoft Windows. La vulnerabilidad reside en un error en el servicio "Server". Un atacante remoto podría ejecutar código arbitrario mediante un mensaje RPC especialmente diseñado. |
|
Solution |
|
|
Actualización de software Microsoft Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=3b61153d-359f-4441-a448-24062cb2387c Microsoft Windows XP Service Pack 1 Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=2996b9b6-03ff-4636-861a-46b3eac7a305 Microsoft Windows XP Professional x64 http://www.microsoft.com/downloads/details.aspx?FamilyId=314c7c2c-9a02-4e56-98cf-97703fecf0be Microsoft Windows Server 2003 Microsoft Windows Server 2003 SP1 http://www.microsoft.com/downloads/details.aspx?FamilyId=a0058f39-6dea-4dfc-9dd6-4cb45b305dec Microsoft Windows Server 2003 Itanium Microsoft Windows Server 2003 SP1 Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=af970833-2044-4284-937d-3beb2e2f286d Microsoft Windows Server 2003 x64 http://www.microsoft.com/downloads/details.aspx?FamilyId=3b0c1954-fca5-4e95-abb2-6066a9d6bc76 |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2006-3439 |
| BID | |
Other resources |
|
|
Microsoft Security Bulletin (MS06-040) http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx US-CERT - Technical Cyber Security Alert (TA06-220A) http://www.us-cert.gov/cas/techalerts/TA06-220A.html Microsoft Security Advisory (922437) http://www.microsoft.com/technet/security/advisory/922437.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2006-08-09 |
| 2.0 | Existe una prueba de concepto disponible | 2006-08-10 |
| 3.0 | Exploit público disponible. Aviso emitido por Microsoft (922437) | 2006-08-14 |