Vulnerability Bulletins |
Ejecución remota de código "Folder GUID" en Microsoft Windows |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Avanzado |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft Windows 2000 SP4 Microsoft Windows XP SP1 Microsoft Windows XP SP2 Microsoft Windows XP Professional x64 Microsoft Windows Server 2003 Microsoft Windows Server 2003 SP1 Microsoft Windows Server 2003 Itanium Microsoft Windows Server 2003 SP1 Itanium Microsoft Windows Server 2003 x64 |
Description |
|
|
Se ha descubierto una vulnerabilidad en varias versiones de Microsoft Windows. La vulnerabilidad reside en que Windows Explorer no maneja correctamente ciertos eventos Drag and Drop, también llamado "Folder GUID Code Execution Vulnerability." Un atacante remoto podría ejecutar código arbitrario mediante un enlace a un recurso compartido SMB con un nombre de fichero que contenga cadenas ..\ (%2e%2e%5c) y que su extensión contenga el identificador CLSID de aplicaciones HTML (HTA). |
|
Solution |
|
|
Actualización de software Microsoft Microsoft Windows 2000 SP4 http://www.microsoft.com/downloads/details.aspx?FamilyId=38cee83e-b17a-4c08-90ce-fb836b9615ad Microsoft Windows XP SP1 Microsoft Windows XP SP2 http://www.microsoft.com/downloads/details.aspx?FamilyId=6ef68858-4c91-47fb-ae34-0be556f10ede Microsoft Windows XP Professional x64 http://www.microsoft.com/downloads/details.aspx?FamilyId=50935f4e-e383-493e-97c6-599cbb2b87cc Microsoft Windows Server 2003 Microsoft Windows Server 2003 SP1 http://www.microsoft.com/downloads/details.aspx?FamilyId=759435a3-98f9-4115-b52e-d7fa9d024f16 Microsoft Windows Server 2003 Itanium Microsoft Windows Server 2003 SP1 Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=462131c6-a728-4b3c-94de-85deccc42c3e Microsoft Windows Server 2003 x64 http://www.microsoft.com/downloads/details.aspx?FamilyId=50eef5c5-861d-4802-85a2-6b0627aafc2a |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2006-3281 |
| BID | 19389 |
Other resources |
|
|
Microsoft Security Bulletin (MS06-045) http://www.microsoft.com/technet/security/bulletin/ms06-045.mspx US-CERT - Technical Cyber Security Alert (TA06-220A) http://www.us-cert.gov/cas/techalerts/TA06-220A.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2006-08-09 |