int(5219)

Vulnerability Bulletins

Ejecución remota de código en Microsoft Office Publisher

Vulnerability classification
Property Value
Confidence level Oficial
Impact Obtener acceso
Dificulty Experto
Required attacker level Acceso remoto sin cuenta a un servicio estandar

System information
Property Value
Affected manufacturer Microsoft
Affected software Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
2007 Microsoft Office System Service Pack 1
2007 Microsoft Office System Service Pack 2

Description
Se ha descubierto una vulnerabilidad de tipo desbordamiento de búfer en Microsoft Office Publisher 2002, 2003 y 2007.

Un atacante remoto podría ejecutar código arbitrario mediante un fichero Publisher.

Este boletín sustituye al MS08-027 y al MS09-030.

Solution


Actualización de software

Microsoft (MS10-023)
Microsoft Office XP Service Pack 3 / patch officexp-KB980466-fullfile-x86-glb
Microsoft Office 2003 Service Pack 3 / patch publisher2003-KB980469-fullfile-x86-glb
2007 Microsoft Office System Service Pack 1 / patch publisher2007-kb980470-fullfile-x86-glb
2007 Microsoft Office System Service Pack 2 / patch publisher2007-KB980470-fullfile-x86-glb
http://www.microsoft.com/downloads

Standar resources
Property Value
CVE CVE-2010-0479
BID NULL

Other resources
Microsoft Security Bulletin (MS10-023)
http://www.microsoft.com/technet/security/Bulletin/MS10-023.mspx

Version history
Version Comments Date
1.0 Aviso emitido 2010-04-16
Ministerio de Defensa
CNI
CCN
CCN-CERT