Vulnerability Bulletins |
Actualización de seguridad crítica para Outlook Express |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft Outlook Express 5.5 SP2 Microsoft Outlook Express 6 Microsoft Outlook Express 6 SP1 Microsoft Outlook Express 6 SP1 (64 bit Edition) Microsoft Outlook Express 6 - Windows Server 2003 Microsoft Outlook Express 6 - Windows Server 2003 (64 bit edition) |
Description |
|
|
Se ha descubierto una vulnerabilidad crítica en las versiones 5.5 SP2, 6, 6 SP1, 6 SP1 (Edición de 64 bits) de Outlook Express. La explotación de estas vulnerabilidades podría permitir a un atacante remoto la ejecución remota de código mediante el envío de un e-mail HTML que contenga URLs MHTML especialmente diseñadas. El código se ejecutará con los privilegios del usuario que visualice el e-mail malicioso. |
|
Solution |
|
|
Actualización de software Microsoft Outlook Express Microsoft Outlook Express 5.5 SP2 http://www.microsoft.com/downloads/details.aspx?FamilyId=88D8F9DC-589A-4CE5-BB04-CCEDCB8ADDBA Microsoft Outlook Express 6 http://www.microsoft.com/downloads/details.aspx?FamilyId=DCEB332E-CAE4-4743-B6AB-EDC1CD625AE0 Microsoft Outlook Express 6 SP1 http://www.microsoft.com/downloads/details.aspx?FamilyId=925628BD-1B5F-4B21-8DB6-EDE1C73F97B5 Microsoft Outlook Express 6 SP1 (64 bit Edition) http://www.microsoft.com/downloads/details.aspx?FamilyId=DEDBA3EA-05EC-45AF-8795-5F785D83CA77 Microsoft Outlook Express 6 - Windows Server 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=1C44FB27-6A9D-42AE-8E06-3ADBB7896BCD Microsoft Outlook Express 6 - Windows Server 2003 (64 bit edition) http://www.microsoft.com/downloads/details.aspx?FamilyId=C765E4F3-19A4-45CF-BE99-28C136B14E30 |
|
Standar resources |
|
| Property | Value |
| CVE | CAN-2004-0380 |
| BID | |
Other resources |
|
|
Microsoft Security Bulletin MS04-013 http://www.microsoft.com/technet/security/Bulletin/MS04-013.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2004-04-14 |