Vulnerability Bulletins |
Ejecución de código en Microsoft Publisher |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft Publisher 2000 Service Pack 3 Microsoft Publisher 2002 Service Pack 3 Microsoft Publisher 2003 Service Pack 2 Microsoft Publisher 2003 Service Pack 3 Microsoft Publisher 2007 Microsoft Publisher 2007 Service Pack 1 |
Description |
|
|
Se ha encontrado una vulnerabilidad en Microsoft Publisher 2000 Service Pack 3, 2002 Service Pack 3, 2003 Service Pack 2 y 3, 2007, y 2007 Service Pack 1. La vulnerabilidad reside en un error en el manejador de objetos cuando se validan datos de cabecera. Un atacante remoto podría ejecutar código arbitrario mediante un fichero “Publisher” especialmente diseñado. El boletín MS08-027 sustituye a los MS08-012 y MS07-037. |
|
Solution |
|
|
Actualización de software Microsoft (MS08-027) Microsoft Publisher 2000 / patch office2000-kb950682-fullfile-enu Microsoft Publisher 2002 / patch officeXP-kb950129-fullfile-enu Microsoft Publisher 2003 / patch office2003-kb950213-fullfile-enu Microsoft Publisher 2007 / patch publisher2007-kb950114-fullfile-x86-glb http://www.microsoft.com/downloads |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2008-0119 |
| BID | 29158 |
Other resources |
|
|
Microsoft Security Bulletin (MS08-027) http://www.microsoft.com/technet/security/bulletin/ms08-027.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2008-05-14 |