
Vulnerability Bulletins


Code execution via OLE objects in RichEdit components in Windows

Vulnerability classification

| Property | Value |
| --- | --- |
| Confidence level | Official |
| Impact | Gain access |
| Difficulty | Expert |
| Attacker requirements | Remote access without an account to an exotic service |

System information

| Property | Value |
| --- | --- |
| Affected vendor | Microsoft |
| Affected software | Microsoft Windows 2000 Service Pack 4 |
| | Microsoft Windows XP Service Pack 2 |
| | Microsoft Windows XP Professional x64 Edition |
| | Microsoft Windows Server 2003 |
| | Microsoft Windows Server 2003 Service Pack 1 |
| | Microsoft Windows Server 2003 / Itanium-based Systems |
| | Microsoft Windows Server 2003 SP1 / Itanium-based Systems |
| | Microsoft Windows Server 2003 x64 Edition |
| | Microsoft Office 2000 Service Pack 3 |
| | Microsoft Office XP Service Pack 3 |
| | Microsoft Office 2003 Service Pack 2 |
| | Microsoft Project 2000 Service Release 1 |
| | Microsoft Office 2000 Multilanguage Packs |
| | Microsoft Project 2002 Service Pack 1 |
| | Microsoft Visio 2002 Service Pack 2 |
| | Microsoft Learning Essentials 1.0, 1.1, 1.5 / Microsoft Office |
| | Microsoft Global Input Method Editor / Office 2000 (Japanese) |
| | Microsoft Office 2004 / Mac |

Description

A vulnerability has been discovered in the MFC component in Microsoft Windows 2000 SP4, XP SP2 and 2003 SP1, in Office 2000 SP3, XP SP3, 2003 SP2 and Office 2004 for Mac, and in Learning Essentials for Microsoft Office 1.0, 1.1 and 1.5. The vulnerability is caused by an unspecified error.

A remote attacker could execute arbitrary code by means of an RTF file containing a specially crafted OLE object that triggers memory corruption.

Solution

Software update

Microsoft
Microsoft Windows 2000 Service Pack 4
http://www.microsoft.com/downloads/details.aspx?FamilyId=0b0b13d3-b2fb-4cf4-8ee1-51871d39eecd
Microsoft Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=3159428d-7212-4bf0-9699-3dbae5db6ca1
Microsoft Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=daf2f7ac-20b4-4ec9-9467-2ddd4fc493d6
Microsoft Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=2e8d2355-d5c5-406d-9322-5fe1b2134d2f
Microsoft Windows Server 2003 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=2e8d2355-d5c5-406d-9322-5fe1b2134d2f
Microsoft Windows Server 2003 / Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?FamilyId=ed6dd20f-4c0b-48f7-a1f9-613265506835
Microsoft Windows Server 2003 SP1 / Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?FamilyId=ed6dd20f-4c0b-48f7-a1f9-613265506835
Microsoft Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=3b6ee258-b636-455b-8833-74dea6269e24
Microsoft Office 2000 Service Pack 3
http://www.microsoft.com/downloads/details.aspx?FamilyID=2FF67E78-2A08-45C9-A7AC-09678D060439
Microsoft Office XP Service Pack 3
http://www.microsoft.com/downloads/details.aspx?FamilyId=85C5162C-FC35-40B4-AD04-ADD247950423
Microsoft Office 2003 Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=6C3BCAB8-0C99-4BE6-8DE7-71D463473A4A
Microsoft Project 2000 Service Release 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=019B11FC-00B8-451C-AB3C-772780D4C46A
Microsoft Office 2000 Multilanguage Packs
http://www.microsoft.com/downloads/details.aspx?FamilyID=B5A087F8-74D2-4184-9986-23AB3C4EF7F2
Microsoft Project 2002 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=D162C366-C5E7-4850-B773-1FE669FAEEAF
Microsoft Visio 2002 Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=B4D2E182-0997-46BC-94AC-B4B0A523C51C
Microsoft Learning Essentials 1.0, 1.1, 1.5 / Microsoft Office
http://www.microsoft.com/downloads/details.aspx?FamilyId=6215BD5B-1CB3-4FED-B08C-C31A88A75EBD
Microsoft Global Input Method Editor / Office 2000 (Japanese)
http://www.microsoft.com/downloads/details.aspx?FamilyID=2FF67E78-2A08-45C9-A7AC-09678D060439
Microsoft Office 2004 / Mac
http://www.microsoft.com/mac/

Standard identifiers

| Property | Value |
| --- | --- |
| CVE | CVE-2006-1311 |
| BID | 21876 |

Additional resources

Microsoft Security Bulletin MS07-013
http://www.microsoft.com/technet/security/Bulletin/MS07-013.mspx

Version history

| Version | Comment | Date |
| --- | --- | --- |
| 1.0 | Advisory issued | 2007-02-16 |

Members of

Ministerio de Defensa
CNI
CCN
CCN-CERT