Vulnerability Bulletins |
Ejecución de programas en Internet Explorer |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Obtener acceso |
Dificulty | Experto |
Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
Property | Value |
Affected manufacturer | Microsoft |
Affected software |
Windows XP SP2 Windows XP Professional x64 Edition Windows XP Professional x64 Edition SP2 Windows Server 2003 SP1 Windows Server 2003 SP2 Windows Server 2003 x64 Edition Windows 2003 Server x64 Edition SP2 Windows Server 2003 SP1 for Itanium Windows Server 2003 SP2 for Itanium |
Description |
|
Se ha encontrado una vulnerabilidad en Internet Explorer 7 en sistemas con Windows XP y Windows Server 2003. La vulnerabilidad reside en un error en el manejo de URL. Un atacante remoto podría ejecutar programas de forma arbitraria mediante secuencias inválidas de "%" en mailto: u otro manipulador URI. |
|
Solution |
|
Actualización de software Microsoft Windows XP Service Pack 2 / patch Windowsxp-kb943460-x86-enu Windows XP Professional x64 Edition and x64 Edition Service Pack 2 / patch WindowsServer2003.WindowsXP-kb943460-x64-enu Windows Server 2003 / patch WindowsServer2003-KB943460-x86-enu Windows Server 2003 Itanium-based editions / patch WindowsServer2003-KB943460-ia64-enu Windows Server 2003 x64-based editions / patch WindowsServer2003.WindowsXP-KB943460-x64-enu |
|
Standar resources |
|
Property | Value |
CVE | CVE-2007-3896 |
BID | 25945 |
Other resources |
|
Microsoft Security Advisory (943521) http://www.microsoft.com/technet/security/advisory/943521.mspx Microsoft Security Bulletin MS07-061 http://www.microsoft.com/technet/security/bulletin/MS07-061.mspx |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2007-10-16 |
1.1 | Aviso emitido por Microsoft (MS07-061) | 2007-11-14 |