Vulnerability Bulletins |
Ejecución de código arbitrario en hlink.dll en Microsoft Windows |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft Windows 2000 SP4 Microsoft Windows XP SP1 Microsoft Windows XP SP2 Microsoft Windows XP Professional x64 Microsoft Windows Server 2003 Microsoft Windows Server 2003 SP1 Microsoft Windows Server 2003 Itanium Microsoft Windows Server 2003 SP1 Itanium Microsoft Windows Server 2003 x64 |
Description |
|
|
Se ha descubierto una vulnerabilidad en Microsoft Windows. La vulnerabilidad reside en un error en "hlink.dll", probablemente un desbordamiento de búfer. Un atacante remoto podría ejecutar código arbitrario mediante un enlace que no es manejado correctamente cuando hlink.dll usa un fichero con una función malformada, también llamado "Hyperlink Object Function Vulnerability." |
|
Solution |
|
|
Actualización de software Microsoft Microsoft Windows 2000 SP4 http://www.microsoft.com/downloads/details.aspx?FamilyId=bfe3f869-08be-4f13-97a1-7274ad44c7fb Microsoft Windows XP SP1 Microsoft Windows XP SP2 http://www.microsoft.com/downloads/details.aspx?FamilyId=2d014bac-f03d-474a-a7ab-49e8ead8edb0 Microsoft Windows XP Professional x64 http://www.microsoft.com/downloads/details.aspx?FamilyId=cae094e4-64a0-4577-986b-4d6c131806d9 Microsoft Windows Server 2003 Microsoft Windows Server 2003 SP1 http://www.microsoft.com/downloads/details.aspx?FamilyId=21d1e864-4517-4353-8477-b4cd3c6187c0 Microsoft Windows Server 2003 Itanium Microsoft Windows Server 2003 SP1 Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=bc60b6c3-ada8-48ab-a63d-b2f1c9320b0d Microsoft Windows Server 2003 x64 http://www.microsoft.com/downloads/details.aspx?FamilyId=9d2ba5d1-6f91-47b4-8cc1-dcd44baaa6ce |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2006-3438 |
| BID | |
Other resources |
|
|
Microsoft Security Bulletin (MS06-050) http://www.microsoft.com/technet/security/bulletin/ms06-050.mspx US-CERT - Technical Cyber Security Alert (TA06-220A) http://www.us-cert.gov/cas/techalerts/TA06-220A.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2006-08-09 |