
Vulnerability Bulletins


Arbitrary code execution in Microsoft XML Core Services

Vulnerability classification

Property Value
Confidence level Official
Impact Gain access
Difficulty Expert
Required attacker level Remote access without an account to a standard service

System information

Property Value
Affected manufacturer Microsoft
Affected software Microsoft XML Core Services 3.0 <= 6.0

Description

An integer overflow vulnerability has been found in Microsoft XML Core Services from version 3.0 through 6.0. The vulnerability resides in an error in the substringData() method of a JavaScript XMLDOM or TextNode object.

A remote attacker could execute arbitrary code by means of specially crafted arguments.

Solution



Software update

Microsoft
Microsoft XML Core Services / Windows 2000 / patch Windows2000-KB936021-x86-enu
Microsoft XML Core Services / Windows XP SP2 / patch WindowsXP-KB936021-x86-enu
Microsoft XML Core Services / Windows XP x64 Edition / patch WindowsServer2003.WindowsXP-KB936021-x64-enu
Microsoft XML Core Services / Windows Server 2003 / patch WindowsServer2003-KB936021-x86-enu
Microsoft XML Core Services / Windows Server 2003 x64 Edition / patch WindowsServer2003.WindowsXP-KB936021-x64-enu
Microsoft XML Core Services / Windows Server 2003 Itanium / patch WindowsServer2003-KB936021-ia64-enu
Microsoft XML Core Services 3.0 / Windows Vista / patch Windows6.0-KB936021-x86
Microsoft XML Core Services 6.0 / Windows Vista / patch Msxml6-KB933579-enu-x86
Microsoft XML Core Services / Office 2003 SP2 / patch Office2003-KB936048-FullFile-enu
Microsoft XML Core Services / 2007 Microsoft Office System / patch Office2007-KB936960-FullFile-x86-glb
Microsoft XML Core Services / Microsoft Office SharePoint Server / Microsoft Office Groove Server 2007 / patch Office2007-KB936056-FullFile-x86-glb
Microsoft XML Core Services 4 / patch Msxml4-KB936181-enu
Microsoft XML Core Services 6 / patch Msxml6-KB933579-enu-x86

Standard resources

Property Value
CVE CVE-2007-2223
BID 25301

Other resources

Microsoft Security Bulletin MS07-042
http://www.microsoft.com/technet/security/Bulletin/MS07-042.mspx

Version history

Version Comments Date
1.0 Advisory issued 2007-08-16
Ministerio de Defensa
CNI
CCN
CCN-CERT