Miembros de
Boletines de Vulnerabilidades |
Múltiples vulnerabilidades en Microsoft Active Template Library |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Obtener acceso |
| Dificultad | Experto |
| Requerimientos del atacante | Acceso remoto sin cuenta a un servicio estandar |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricante afectado | Microsoft |
| Software afectado |
Microsoft Active Template Library Adobe Flash Player 9 y 10 |
Descripción |
|
|
Se han descubierto múltiples vulnerabilidades en Microsoft Active Template Library . Las vulnerabilidades son descritas a continuación: - CVE-2009-0901: La vulnerabilidad reside en un error en la validación de las llamadas "VariantClear". Un atacante remoto podría ejecutar código arbitrario mediante un flujo especialmente diseñado a un componente ATL. - CVE-2009-2493: La vulnerabilidad reside en un error en la restricción del uso de "OleLoadFromStream" en la creación de objetos. Un atacante remoto podría ejecutar código arbitrario mediante un documento HTML con un componente o control ATL. - CVE-2009-2495: Un atacante remoto podría obtener información privilegiada mediante un documento HTML especialmente diseñado con un componente o control ATL. |
|
Solución |
|
|
Actualización de software Microsoft (MS09-035) Microsoft Visual Studio .NET 2003 Service Pack 1 / patch VS7.1sp1-KB971089-X86 Microsoft Visual Studio 2005 Service Pack 1 / patch VS80sp1-KB971090-X86-INTL Microsoft Visual Studio 2005 Service Pack 1 64-bit Hosted Visual C++ Tools / patch VS80sp1-KB973830-IA64-INTL Microsoft Visual Studio 2008 / patch VS90-KB971091-x86 Microsoft Visual Studio 2008 Service Pack 1 / patch VS90SP1-KB971092-x86 Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package / patch vcredist_IA64 Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package / patch vcredist_x64 Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package / patch vcredist_x86 Microsoft Visual C++ 2008 Redistributable Package / patch vcredist_IA64 Microsoft Visual C++ 2008 Redistributable Package / patch vcredist_x64 Microsoft Visual C++ 2008 Redistributable Package / patch vcredist_x86 Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package / patch vcredist_IA64 Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package / patch vcredist_x64 Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package / patch vcredist_x86 Microsoft (MS09-037) Windows Media Player 9, 10 y 11 / patch KB973540 Outlook Express 6 / patch KB973354 Microsoft (MS09-055) Windows 2000 / patch Windows2000-KB973525-x86-ENU Windows XP / patch Windowsxp-KB973525-x86-enu Windows XP x64 / patch WindowsServer2003.WindowsXP-KB973525-x64-enu Windows Server 2003 / patch Windowsserver2003-KB973525-x86-enu Windows Server 2003 x64 / patch Windowsserver2003.WindowsXP-KB973525-x64-enu Windows Server 2003 Itanium / patch Windowsserver2003-KB973525-ia64-enu Windows Vista / patch Windows6.0-KB973525-x86 Windows Vista x64 / patch Windows6.0-KB973525-x64 Windows Server 2008 / patch Windows6.0-KB973525-x86 Windows Server 2008 x64 / patch Windows6.0-KB973525-x64 Windows Server 2008 Itanium / patch Windows6.0-KB973525-ia64 http://www.microsoft.com/downloads Microsoft (MS09-060) Microsoft Office XP / patch officexp-KB973702-FullFile-ENU Microsoft Office 2003 / patch office2003-KB973705-FullFile-ENU Microsoft Outlook 2007 / patch outlook2007-kb972363-fullfile-x86-glb Adobe (APSA09-10), (APSB09-04), (APSB09-11) Adobe Flash Player 10.0.32.18 http://www.adobe.com/go/getflashplayer Adobe Flash Player 9 http://www.adobe.com/products/flashplayer/fp_distribution3.html Adobe AIR 1.5.2 http://get.adobe.com/air Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux. Sun (264648) JDK and JRE 6 Update 15 o posterior JDK and JRE 5.0 Update 20 o posterior http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage Microsoft (MS09-037) Windows Media Player 9, 10 y 11 / patch KB973540 Outlook Express 6 / patch KB973354 Microsoft (MS09-072) Windows 2000 SP4 / Internet Explorer 5.01 SP4 / patch IE5.01sp4-KB976325-Windows2000sp4-x86-ENU Windows 2000 SP4 / Internet Explorer 6 SP4 / patch IE6.0sp1-KB976325-Windows2000-x86-ENU Windows XP SP2 y SP3 / Internet Explorer 6 / patch WindowsXP-KB976325-x86-ENU Windows XP Professional x64 Edition / Internet Explorer 6 / patch WindowsServer2003.WindowsXP-KB976325-x64-ENU Windows Server 2003 SP1/SP2 / Internet Explorer 6 / patch WindowsServer2003-KB976325-x86-ENU Windows Server 2003 x64 Edition / Internet Explorer 6 / patch WindowsServer2003.WindowsXP-KB976325-x64-ENU Windows Server 2003 with SP1/SP2 para Itanium-based Systems / Internet Explorer 6 patch / WindowsServer2003-KB976325-ia64-ENU Windows XP SP2/SP3 / Internet Explorer 7 / patch IE7-WindowsXP-KB976325-x86-ENU Windows XP Professional x64 Edition / Internet Explorer 7 / patch IE7-WindowsServer2003.WindowsXP-KB976325-x64-ENU Windows Server 2003 SP1/SP2 / Internet Explorer 7 / patch IE7-WindowsServer2003-KB976325-x86-ENU Windows Server 2003 x64 Edition / Internet Explorer 7 / patch IE7-WindowsServer2003.WindowsXP-KB976325-x64-ENU Windows Server 2003 with SP1/SP2 para Itanium-based Systems / Internet Explorer 7 / patch IE7-WindowsServer2003-KB976325-ia64-ENU Windows Vista / Internet Explorer 7 / patch Windows6.0-KB976325-x86 Windows Vista x64 Edition / Internet Explorer 7 / patch Windows6.0-KB976325-x64 Windows Server 2008 para 32-bit Systems / Internet Explorer 7 / patch Windows6.0-KB976325-x86 Windows Server 2008 para x64-based Systems / Internet Explorer 7 / patch Windows6.0-KB976325-x64 Windows Server 2008 para Itanium-based Systems / Internet Explorer 7 / patch Windows6.0-KB976325-ia64 Windows Server 2008 para 32-bit Systems / Internet Explorer 8 / patch Windows6.1-KB976325-x86 Windows Server 2008 para x64-based Systems / Internet Explorer 8 / patch Windows6.1-KB976325-x64 Windows Server 2008 para Itanium-based Systems / Internet Explorer 8 / patch Windows6.1-KB976325-ia64 Windows 7 x86/ Internet Explorer 8 / patch Windows6.1-KB976325-x86 Windows 7 x64 / Internet Explorer 8 / patch Windows6.1-KB976325-x64 Windows 7 ia64 / Internet Explorer 8 / patch Windows6.1-KB976325-ia64 http://www.microsoft.com/downloads Hewlett-Packard (HPSBMA02488) Los siguientes componentes requieren actualización: HP Network Configuration Utility for Windows Server 2003 x64 Editions HP Network Configuration Utility for Windows Server 2003 HP Network Configuration Utility for Windows Server 2008 x64 Editions HP Network Configuration Utility for Windows Server 2008 HP Network Configuration Utility for Windows Server 2008 R2 HP Insight Management Agents for Windows Server 2003/2008 x64 Editions HP Insight Management Agents for Windows Server 2003/2008 HP Insight Management WBEM Providers for Windows Server 2003/2008 x64 Editions HP Insight Management WBEM Providers for Windows Server 2003/2008 |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE |
CVE-2009-0901 CVE-2009-2493 CVE-2009-2495 |
| BID | |
Recursos adicionales |
|
|
Microsoft Security Bulletin (MS09-035) http://www.microsoft.com/technet/security/Bulletin/MS09-035.mspx Microsoft Security Bulletin (MS09-037) http://www.microsoft.com/technet/security/Bulletin/MS09-037.mspx Microsoft Security Bulletin (MS09-055) http://www.microsoft.com/technet/security/bulletin/ms09-055.mspx Microsoft Security Bulletin (MS09-060) http://www.microsoft.com/technet/security/bulletin/ms09-060.mspx Adobe Security Bulletin (APSA09-04) http://www.adobe.com/support/security/advisories/apsa09-04.html Adobe Security Bulletin (APSB09-11) http://www.adobe.com/support/security/bulletins/apsb09-11.html Cisco Security Advisory (cisco-sa-20090728-activex) http://www.cisco.com/en/US/products/products_security_advisory09186a0080ae9e43.shtml Adobe Security Bulletin (APSB09-10) http://www.adobe.com/support/security/bulletins/apsb09-10.html SUSE Security Advisory (SUSE-SA:2009:041) http://www.novell.com/linux/security/advisories/2009_41_flash.html Sun Alert Notification (264648) http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1 Microsoft Security Bulletin (MS09-037) http://www.microsoft.com/technet/security/Bulletin/MS09-037.mspx Microsoft Security Bulletin (MS09-072) http://www.microsoft.com/technet/security/bulletin/ms09-072.mspx SUSE Security Advisory (SUSE-SA:2010:002) http://www.novell.com/linux/security/advisories/2010_02_java.html HP SECURITY BULLETIN (HPSBMA02488) https://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01997644 |
|
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Aviso emitido | 2009-07-30 |
| 1.1 | Aviso emitido por Adobe (APSB09-10) | 2009-07-31 |
| 1.2 | Aviso emitido por Suse (SUSE-SA:2009:041) | 2009-08-07 |
| 1.3 | Aviso emitido por Sun (264648) | 2009-08-10 |
| 1.4 | Aviso emitido por Microsoft (MS09-037) | 2009-08-24 |
| 1.5 | Aviso emitido por Microsoft (MS09-072) | 2009-12-15 |
| 1.6 | Aviso emitido por Suse (SUSE-SA:2010:002) | 2010-01-19 |
| 1.7 | Aviso emitido por HP (HPSBMA02488) | 2010-02-18 |