Vulnerability Bulletins |
Vulnerabilidad de "doble free()" en el manejo de archivos GIF en Internet Explorer |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Internet Explorer 5.01 Service Pack 2 Internet Explorer 5.01 Service Pack 3 Internet Explorer 5.01 Service Pack 4 Internet Explorer 5.5 Service Pack 2 Internet Explorer 6 Internet Explorer 6 Service Pack 1 Internet Explorer 6 Service Pack 1 (64-Bit Edition) Internet Explorer 6 for Windows Server 2003 Internet Explorer 6 for Windows Server 2003 (64-Bit Edition) |
Description |
|
|
Se ha descubierto una vulnerabilidad de desbordamiento de búfer en Internet Explorer. La vulnerabilidad reside en el procesado de imágenes en formato GIF. La explotación de esta vulnerabilidad podría permitir a un atacante remoto la ejecución remota de código mediante un archivo GIF especialmente diseñado que la víctima debe visualizar con una versión afectada de Internet Explorer. Destacamos que el código se ejecutará con los privilegios del usuario que ejecute Internet Explorer y visualice la imagen maliciosa. |
|
Solution |
|
|
Actualización de software Microsoft Internet Explorer 5.01 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=507E71EF-076B-43C4-8028-E91FCFAB252B Internet Explorer 5.01 Service Pack 3 http://www.microsoft.com/downloads/details.aspx?FamilyId=7AA6F31D-7350-43F8-B72E-ED9D62577A60 Internet Explorer 5.01 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=862E6914-821A-4C51-985B-C3958FAD3D4C Internet Explorer 5.5 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=E458480C-93F6-454A-A663-FC187C18CD9B Internet Explorer 6 http://www.microsoft.com/downloads/details.aspx?FamilyId=4C2F8A40-1B88-4F93-98B1-1619DCFD7273 Internet Explorer 6 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=06F49985-F19F-4B50-A75F-7636D8BEE576 Internet Explorer 6 Service Pack 1 (64-Bit Edition) http://www.microsoft.com/downloads/details.aspx?FamilyId=FCDA580D-9E3B-4B44-BD65-C8D37A0DD62D Internet Explorer 6 for Windows Server 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=D86262D9-C66A-4608-8DBE-2492B4AFBC3B Internet Explorer 6 for Windows Server 2003 (64-Bit Edition) http://www.microsoft.com/downloads/details.aspx?FamilyId=1AA8F5A9-71D3-48F7-BB32-F8A4D36C5FB9 |
|
Standar resources |
|
| Property | Value |
| CVE | CAN-2003-1048 |
| BID | |
Other resources |
|
|
Microsoft Security Bulletin MS04-025 http://www.microsoft.com/technet/security/Bulletin/MS04-025.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2004-08-02 |