int(5327)

Vulnerability Bulletins

Denegación de servicio en Microsoft SharePoint

Vulnerability classification
Property Value
Confidence level Oficial
Impact Denegación de Servicio
Dificulty Experto
Required attacker level Acceso remoto sin cuenta a un servicio estandar

System information
Property Value
Affected manufacturer Microsoft
Affected software Microsoft Windows SharePoint Services 3.0 SP1 y SP2

Description
Se ha descubierto una vulnerabilidad Microsoft Windows SharePoint Services 3.0 SP1 y SP2. La vulnerabilidad reside en un error en la página de ayuda.

Un atacante remoto podría causar una denegación de servicio mediante el envío de peticiones manipuladas, que provocan continuos reinicios del pool de apliación.

Solution


Actualización de software

Microsoft (MS10-039)
Microsoft Office InfoPath 2003 SP3 / patch office2003-KB980923-FullFile-ENU
Microsoft Office InfoPath 2007 SP1 y SP2 / patch office-kb979441-fullfile-x86-glb
Microsoft Office SharePoint Server 2007 SP1 (32-bit) / patch office-kb979445-fullfile-x86-glb
Microsoft Office SharePoint Server 2007 SP2 (32-bit) / patch office-kb979445-fullfile-x86-glb
Microsoft Office SharePoint Server 2007 SP1 (64-bit) / patch office-kb979445-fullfile-x64-glb
Microsoft Office SharePoint Server 2007 SP2 (64-bit) / patch office-kb979445-fullfile-x64-glb
Microsoft Windows SharePoint Services 3.0 SP1 y SP2 (32-bit versions) / patch wss-kb983444-fullfile-x86-glb
Microsoft Windows SharePoint Services 3.0 SP1 y SP2 (64-bit versions) / patch wss-kb983444-fullfile-x64-glb
http://www.microsoft.com/downloads

Standar resources
Property Value
CVE CVE-2010-1264
BID

Other resources
Microsoft Security Bulletin (MS10-039)
http://www.microsoft.com/technet/security/bulletin/MS10-039.mspx

Version history
Version Comments Date
1.0 Aviso emitido 2010-06-09
Ministerio de Defensa
CNI
CCN
CCN-CERT