Vulnerability Bulletins |
Desbordamiento de búfer en el conversor de HTML de Microsoft Windows |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Avanzado |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft Windows 98 Microsoft Windows 98 Second Edition Microsoft Windows Me Microsoft Windows NT 4.0 Server Microsoft Windows NT 4.0 Terminal Server Edition Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 |
Description |
|
| Se ha descubierto una vulnerabilidad de desbordamiento de búfer en la utilidad de Windows que permite la conversión entre HTML y Rich Text Format (RTF). La explotación de esta vulnerabilidad puede permitir la ejecución de código arbitrario dentro del contexto de seguridad del usuario afectado. | |
Solution |
|
|
Actualización de software Microsoft Windows Windows 98 and Windows 98 Second Edition http://www.microsoft.com/downloads/details.aspx?FamilyID=71ec81dd-9e86-4956-94f5-b6e020348569 Windows Me http://windowsupdate.microsoft.com/ Windows NT 4.0 Server http://microsoft.com/downloads/details.aspx?FamilyId=8849D376-D7C1-4040-BC83-FEA67AE57F5F Windows NT 4.0 Terminal Server Edition http://microsoft.com/downloads/details.aspx?FamilyId=A64F5EEF-A3F5-466C-94D0-5EBF6231A612 Windows 2000 http://microsoft.com/downloads/details.aspx?FamilyId=FF84E1A5-C90D-40F2-8CF5-23DA3AB296B4 Windows XP 32 bit Edition http://microsoft.com/downloads/details.aspx?FamilyId=11CDD153-65EC-4851-886C-5A412438D6D4 Windows XP 64 bit Edition http://microsoft.com/downloads/details.aspx?FamilyId=EE42EDF4-DEB2-450D-9F1A-90E41E908ECB Windows Server 2003 32 bit Edition http://microsoft.com/downloads/details.aspx?FamilyId=1C9914AB-25F8-462E-ADC0-5AC6BD0116DE Windows Server 2003 64 bit Edition http://microsoft.com/downloads/details.aspx?FamilyId=F9697DE0-488D-4CBA-996B-7ACEC50992CE |
|
Standar resources |
|
| Property | Value |
| CVE | CAN-2003-0469 |
| BID | |
Other resources |
|
|
Microsoft Security Bulletin: MS03-023 http://www.microsoft.com/technet/security/bulletin/MS03-023.asp Microsoft Knowledgebase Article: Q823559 http://support.microsoft.com/?kbid=823559 |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2003-07-11 |