Vulnerability Bulletins |
Ejecución de código en Microsoft Speech API de Microsoft Windows |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Obtener acceso |
Dificulty | Experto |
Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
Property | Value |
Affected manufacturer | Microsoft |
Affected software |
Microsoft Windows 2000 SP4 Windows XP SP2 Windows XP SP3 Windows XP Professional x64 Edition Windows XP Professional x64 Edition SP2 Windows Server 2003 SP1 Windows Server 2003 SP2 Windows Server 2003 x64 Edition Windows Server 2003 x64 Edition SP2 Windows Server 2003 SP1 para Itanium-based Systems Windows Server 2003 SP2 para Itanium-based Systems Windows Vista Windows Vista SP1 Windows Vista x64 Edition Windows Vista x64 Edition SP1 Windows Server 2008 Windows Server 2008 para x64-based Systems Windows Server 2008 para Itanium-based Systems |
Description |
|
Se ha descubierto una vulnerabilidad en Microsoft Windows 2000 SP4, Windows XP, Windows Server 2003, Windows Vista, y Windows Server 2008. La vulnerabilidad reside en un error no especificado en Microsoft Speech API. El error se encuentra en el fichero "sapi.dll" cuando está habilitada la función "Speech Recognition". Un atacante remoto podría ejecutar código arbitrario mediante una página Web especialmente diseñada con un fichero de audio que emita comandos. El boletín MS08-032 sustituye al MS08-023. |
|
Solution |
|
Actualización de software Microsoft (MS08-032) Microsoft Windows 2000 Service Pack 4 / patch Windows2000-KB950760-x86-ENU Microsoft Windows XP SP2 y SP3 / patch Windowsxp-kb950760-x86-enu Microsoft Windows XP Professional x64 Edition y x64 Edition SP2 / patch Microsoft WindowsServer2003.WindowsXP-KB950760-x64-enu Windows Server 2003 SP1 y SP2 / patch Windowsserver2003-kb950760-x86-enu Microsoft Windows Server 2003 x64 Edition y x64 Edition SP2 / patch WindowsServer2003.WindowsXP-KB950760-x64-enu Microsoft Windows Server 2003 SP1 y SP2 Itanium / patch Windowsserver2003-kb950760-ia64-enu Microsoft Windows Vista / patch Windows6.0-KB950760-x86 Microsoft Windows Vista x64 / patch Windows6.0-KB950760-x64 Microsoft Windows Server 2008 / patch Windows6.0-KB950760-x86 Microsoft Windows Server 2008 x64 / patch Windows6.0-KB950760-x64 Microsoft Windows Server 2008 Itanium / patch Windows6.0-KB950760-ia64 http://www.microsoft.com/downloads Hewlett-Packard (HPSBST02344) Storage Management Appliance v2.1 Instale el parche de Microsoft correspondiente a su sistema operativo. |
|
Standar resources |
|
Property | Value |
CVE | CVE-2007-0675 |
BID | 22359 |
Other resources |
|
Microsoft Security Bulletin (MS08-032) http://www.microsoft.com/technet/security/Bulletin/MS08-032.mspx HP SECURITY BULLETIN (HPSBST02344) https://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01482941-1 |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2008-06-11 |
1.1 | Aviso emitido por HP (HPSBST02344) | 2008-06-19 |