Boletines de Vulnerabilidades |
Ejecución de código en Microsoft Agent |
|
Clasificación de la vulnerabilidad |
|
Propiedad | Valor |
Nivel de Confianza | Oficial |
Impacto | Obtener acceso |
Dificultad | Experto |
Requerimientos del atacante | Acceso remoto sin cuenta a un servicio exotico |
Información sobre el sistema |
|
Propiedad | Valor |
Fabricante afectado | Microsoft |
Software afectado |
Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP Service Pack 2 Microsoft Windows XP Professional x64 Edition Microsoft Windows XP Professional x64 Edition Service Pack 2 Microsoft Windows Server 2003 Microsoft Windows Server 2003 Service Pack 1 Microsoft Server 2003 Service Pack 2 Microsoft Windows Server 2003 x64 Edition Service Pack 1 Microsoft Windows Server 2003 x64 Edition Service Pack 2 Microsoft Windows Server 2003 / Itanium-based Systems Microsoft Windows Server 2003 SP1 / Itanium-based Systems Microsoft Windows Server 2003 SP2 / Itanium-based Systems |
Descripción |
|
Se ha descubierto una vulnerabilidad en Windows 2000 SP4, XP SP2 y en Server 2003, 2003 SP1 y en 2003 SP2. La vulnerabilidad reside en un error en Microsoft Agent (msagent\agentsvr.exe). Un atacante remoto podría ejecutar código arbitrario mediante URLs especialmente construidas que provocarían una corrupción de memoria. |
|
Solución |
|
Actualización de software Microsoft Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=49dc470b-64e2-47ec-be90-622b407c7751 Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=e16ededa-6e8c-40d6-a3c0-d61362411acc Microsoft Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=23909036-898f-41af-a3de-4a899a15d25d Microsoft Windows XP Professional x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=23909036-898f-41af-a3de-4a899a15d25d Microsoft Windows Server 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=281f10d2-d754-44cd-8318-9ce94b8d01b4 Microsoft Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=281f10d2-d754-44cd-8318-9ce94b8d01b4 Microsoft Server 2003 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=50469b54-b6ff-46ed-b2bc-3b00b0984e1e Microsoft Windows Server 2003 x64 Edition Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=50469b54-b6ff-46ed-b2bc-3b00b0984e1e Microsoft Windows Server 2003 x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=50469b54-b6ff-46ed-b2bc-3b00b0984e1e Microsoft Windows Server 2003 / Itanium-based Systems http://www.microsoft.com/downloads/details.aspx?FamilyId=883660ca-e976-460f-8e50-c19d1b02b42f Microsoft Windows Server 2003 SP1 / Itanium-based Systems http://www.microsoft.com/downloads/details.aspx?FamilyId=883660ca-e976-460f-8e50-c19d1b02b42f Microsoft Windows Server 2003 SP2 / Itanium-based Systems http://www.microsoft.com/downloads/details.aspx?FamilyId=883660ca-e976-460f-8e50-c19d1b02b42f |
|
Identificadores estándar |
|
Propiedad | Valor |
CVE | CVE-2007-1205 |
BID | |
Recursos adicionales |
|
Microsoft Security Bulletin MS07-020 http://www.microsoft.com/technet/security/bulletin/ms07-020.mspx |
Histórico de versiones |
||
Versión | Comentario | Fecha |
1.0 | Aviso emitido | 2007-04-12 |