Boletines de Vulnerabilidades |
Desbordamiento de búfer en Microsoft Visual Basic for Applications |
|
Clasificación de la vulnerabilidad |
|
Propiedad | Valor |
Nivel de Confianza | Oficial |
Impacto | Obtener acceso |
Dificultad | Experto |
Requerimientos del atacante | Acceso remoto sin cuenta a un servicio exotico |
Información sobre el sistema |
|
Propiedad | Valor |
Fabricante afectado | Microsoft |
Software afectado |
Microsoft Office 2000 Service Pack 3 Microsoft Project 2000 Service Release 1 Works Suite 2004-2006 Microsoft Access 2000 Runtime Service Pack 3 Microsoft Office XP Service Pack 3 Microsoft Project 2002 Service Pack 1 Microsoft Visio 2002 Service Pack 2 Microsoft Works Suite 2004 Microsoft Works Suite 2005 Microsoft Works Suite 2006 Microsoft Visual Basic for Applications SDK 6.0 Microsoft Visual Basic for Applications SDK 6.2 Microsoft Visual Basic for Applications SDK 6.3 Microsoft Visual Basic for Applications SDK 6.4 |
Descripción |
|
Se ha descubierto una vulnerabilidad de tipo desbordamiento de búfer en Microsoft Visual Basic for Applications (VBA) SDK 6.0 hasta 6.4, usado por Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, y Works Suite 2004 hasta 2006. La vulnerabilidad reside en un error al manejar las propiedades de ciertos documentos. Un atacante remoto podría ejecutar código arbitrario. El boletín MS08-013 sustituye al MS06-047. |
|
Solución |
|
Actualización de software Microsoft Microsoft Office 2000 Service Pack 3 http://www.microsoft.com/downloads/details.aspx?FamilyId=837A4FA9-FABC-4119-9AAF-2C8663029D2B Microsoft Project 2000 Service Release 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=744DD25D-B9A7-4E30-B64E-1C9BB0F87D90 Microsoft Access 2000 Runtime Service Pack 3 http://www.microsoft.com/downloads/details.aspx?FamilyId=ED5A8C40-C592-4299-AFB2-5F0F6E2B1DCD Microsoft Office XP Service Pack 3 http://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C Microsoft Project 2002 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=62EF50AA-6061-4185-9713-F8C31B195103 Microsoft Visio 2002 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=43525B6A-58B7-49C7-88D8-4983D1614A96 Microsoft Works Suite 2004 http://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C Microsoft Works Suite 2005 http://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C Microsoft Works Suite 2006 http://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C Microsoft Visual Basic for Applications SDK 6.0 http://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3 Microsoft Visual Basic for Applications SDK 6.2 http://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3 Microsoft Visual Basic for Applications SDK 6.3 http://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3 Microsoft Visual Basic for Applications SDK 6.4 http://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3 |
|
Identificadores estándar |
|
Propiedad | Valor |
CVE | CVE-2006-3649 |
BID | |
Recursos adicionales |
|
Microsoft Security Bulletin (MS06-047) http://www.microsoft.com/technet/security/bulletin/ms06-047.mspx Microsoft Security Bulletin (MS08-013) http://www.microsoft.com/technet/security/Bulletin/MS08-013.mspx US-CERT - Technical Cyber Security Alert (TA06-220A) http://www.us-cert.gov/cas/techalerts/TA06-220A.html |
Histórico de versiones |
||
Versión | Comentario | Fecha |
1.0 | Aviso emitido | 2006-08-09 |
1.1 | Aviso emitido por Microsoft (MS08-013). Descripción actualizada. | 2008-02-13 |