Vulnerability Bulletins |
Escalada de privilegios en Microsoft Windows 2000 NetDDE |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Compromiso Root |
Dificulty | Avanzado |
Required attacker level | Acceso remoto con cuenta |
System information |
|
Property | Value |
Affected manufacturer | Microsoft |
Affected software |
Microsoft Windows NT 4.0 Microsoft Windows NT 4.0, Terminal Server Edition Microsoft Windows 2000 Microsoft Windows XP |
Description |
|
El agente Winlogon NetDDE permite a un potencial atacante aumentar sus privilegios. Un usuario local puede utilizar un mensaje WM_COPYDATA para enviar código arbitrario a NetDDE, que será ejecutado con privilegios de Local System cuando se envíe un segundo WM_TIMER. |
|
Solution |
|
Actualización de software Microsoft Microsoft Windows NT 4.0 http://microsoft.com/downloads/details.aspx?FamilyId=E5606A46-364E-4585-9EDB-63654007E685 Microsoft Windows NT 4.0, Terminal Server Edition http://microsoft.com/downloads/details.aspx?FamilyId=5A203864-F6DF-41EB-A8DB-13EFFCD84081 Microsoft Windows 2000 http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5 Microsoft Windows XP 32 bit http://microsoft.com/downloads/details.aspx?FamilyId=98F02C55-E598-4EB1-AABE-DB3BA0807685 Microsoft Windows XP 64 bit http://microsoft.com/downloads/details.aspx?FamilyId=4D97D23B-6773-4EA4-AF2E-C97FA52E04BE |
|
Standar resources |
|
Property | Value |
CVE | CAN-2002-1230 |
BID | |
Other resources |
|
Securityfocus BID: 5927 http://online.securityfocus.com/bid/5927 Microsoft Security Bulletin MS02-071 http://www.microsoft.com/technet/security/bulletin/MS02-071.asp |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2003-10-11 |