Vulnerability Bulletins |
Aumento de privilegios en el servicio WINS de Microsoft Windows |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Compromiso Root |
| Dificulty | Experto |
| Required attacker level | Acceso remoto con cuenta |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft Windows 2000 Server SP4 Microsoft Windows Server 2003 SP1 Microsoft Windows Server 2003 SP2 Microsoft Windows Server 2003 x64 Edition Microsoft Windows Server 2003 x64 Edition SP2 Microsoft Windows Server 2003 SP1 para Itanium-based Systems Microsoft Windows Server 2003 SP2 para Itanium-based Systems |
Description |
|
|
Se ha descubierto una vulnerabilidad en Windows Internet Name Service de Microsoft Windows 2000 Server SP4 y Windows Server 2003. La vulnerabilidad reside en un error en la validación de las estructuras de datos en un paquete WINS. Un atacante local podría aumentar sus privilegios y ejecutar código arbitrario con privilegios SYSTEM mediante el envío de un paquete WINS especialmente diseñado. |
|
Solution |
|
|
Actualización de software Microsoft (MS08-034) Microsoft Windows 2000 Server SP4 / patch Windows2000-kb948745-x86-enu Microsoft Windows Server 2003 / patch Windowsserver2003-kb948745-x86-enu Microsoft Windows Server 2003 x64 / Windowsserver2003.WindowsXP-KB948745-x64-enu Microsoft Windows Server 2003 Itanium / patch Windowsserver2003-KB948745-ia64-enu http://www.microsoft.com/downloads |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2008-1451 |
| BID | |
Other resources |
|
|
Microsoft Security Bulletin (MS08-034) http://www.microsoft.com/technet/security/bulletin/ms08-034.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2008-06-11 |