Vulnerability Bulletins |
Desbordamiento de búfer en Microsoft Internet Explorer |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Principiante |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software | Microsoft Internet Explorer 6.0 |
Description |
|
|
Se ha descubierto una vulnerabilidad de tipo desbordamiento de búfer en Microsoft Internet Explorer 6.0 en Windows XP SP2 y posiblemente en otras versiones. La vulnerabilidad reside en un error al manejar ciertos ficheros Vector Markup Language (VML). Un atacante remoto podría ejecutar código arbitrario mediante el parámetro "fill" especialmente diseñado dentro de una etiqueta "rect" en un fichero Vector Markup Language (VML). |
|
Solution |
|
|
Actualización de software Microsoft Microsoft Windows XP Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=383C13DC-51A9-4B12-89E3-871A1A3DE98F Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=B5F19858-4E86-4FD4-A264-E4823FF6D0A9 Microsoft Windows XP Professional x64 http://www.microsoft.com/downloads/details.aspx?FamilyId=AFD3279C-6171-4F20-A36E-B9B56EE4C7F1 Microsoft Windows Server 2003 Microsoft Windows Server 2003 SP1 http://www.microsoft.com/downloads/details.aspx?FamilyId=AF8F3A58-BA7A-41BF-BB1B-3A9DDFDC3E27 Microsoft Windows Server 2003 Itanium Microsoft Windows Server 2003 SP1 Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=271E9C78-1C6A-443E-924D-43FD6D51E643 Microsoft Windows Server 2003 x64 http://www.microsoft.com/downloads/details.aspx?FamilyId=E2CB474F-FC1B-4B7D-A607-02A1528C6743 Microsoft Windows 2000 SP4 / Internet Explorer 5.01 SP4 http://www.microsoft.com/downloads/details.aspx?FamilyId=4C48FF93-6559-4616-9C2D-406E808B7E97 Microsoft Windows 2000 SP4 / Internet Explorer 6 SP1 http://www.microsoft.com/downloads/details.aspx?FamilyId=EA7DE30F-D765-4E5B-BFD4-64F3FED578FF |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2006-4868 |
| BID | 20096 |
Other resources |
|
|
Microsoft Security Advisory (925568) http://www.microsoft.com/technet/security/advisory/925568.mspx Microsoft Security Bulletin (MS06-055) http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2006-09-21 |
| 2.0 | Aviso emitido por Microsoft (MS06-055) | 2006-10-05 |