Vulnerability Bulletins |
Arbitrary code execution in Microsoft XML Core Services |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Gain access |
Difficulty | Expert |
Required attacker level | Remote access without an account to a standard service |
System information |
|
Property | Value |
Affected manufacturer | Microsoft |
Affected software | Microsoft XML Core Services 3.0 <= 6.0 |
Description |
|
An integer overflow vulnerability has been found in Microsoft XML Core Services versions 3.0 through 6.0. The vulnerability lies in an error in the substringData() method of a JavaScript XMLDOM or TextNode object. A remote attacker could execute arbitrary code by means of specially crafted arguments. |
|
Solution |
|
Software update
Microsoft
Microsoft XML Core Services / Windows 2000 / patch Windows2000-KB936021-x86-enu
Microsoft XML Core Services / Windows XP SP2 / patch WindowsXP-KB936021-x86-enu
Microsoft XML Core Services / Windows XP x64 Edition / patch WindowsServer2003.WindowsXP-KB936021-x64-enu
Microsoft XML Core Services / Windows Server 2003 / patch WindowsServer2003-KB936021-x86-enu
Microsoft XML Core Services / Windows Server 2003 x64 Edition / patch WindowsServer2003.WindowsXP-KB936021-x64-enu
Microsoft XML Core Services / Windows Server 2003 Itanium / patch WindowsServer2003-KB936021-ia64-enu
Microsoft XML Core Services 3.0 / Windows Vista / patch Windows6.0-KB936021-x86
Microsoft XML Core Services 6.0 / Windows Vista / patch Msxml6-KB933579-enu-x86
Microsoft XML Core Services / Office 2003 SP2 / patch Office2003-KB936048-FullFile-enu
Microsoft XML Core Services / 2007 Microsoft Office System / patch Office2007-KB936960-FullFile-x86-glb
Microsoft XML Core Services / Microsoft Office SharePoint Server / Microsoft Office Groove Server 2007 / patch Office2007-KB936056-FullFile-x86-glb
Microsoft XML Core Services 4 / patch Msxml4-KB936181-enu
Microsoft XML Core Services 6 / patch Msxml6-KB933579-enu-x86 |
|
Standard resources |
|
Property | Value |
CVE | CVE-2007-2223 |
BID | 25301 |
Other resources |
|
Microsoft Security Bulletin MS07-042 http://www.microsoft.com/technet/security/Bulletin/MS07-042.mspx |
Version history |
|
Version | Comments | Date |
1.0 | Advisory issued | 2007-08-16 |