Vulnerability Bulletins |
Media file decompression vulnerability in Microsoft Windows |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Gain access |
Difficulty | Expert |
Attacker requirements | Remote access without an account to a standard service |
System information |
|
Property | Value |
Affected vendor | Microsoft |
Affected software | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2 |
Description |
|
Multiple vulnerabilities have been discovered in the way Windows handles media files. The vulnerabilities are described below:
- CVE-2010-1879: The vulnerability lies in an error in "Quartz.dll" for DirectShow, Windows Media Format Runtime 9, 9.5 and 11, Media Encoder 9, and in the "Asycfilt.dll" COM component. A remote attacker could execute arbitrary code and obtain full permissions over the system by means of a file containing specially crafted compressed data.
- CVE-2010-1880: The vulnerability lies in an error in "Quartz.dll" for DirectShow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008. A remote attacker could execute arbitrary code and obtain full permissions over the system by means of a file containing specially crafted compressed data.
This bulletin replaces bulletins MS09-028, MS09-047 and MS08-033. |
|
Solution |
|
Microsoft software update (MS10-033)
- Microsoft Windows 2000 SP4 / Quartz.dll (DirectShow) (DirectX 9) / patch Windows2000-DirectX9-KB975562-x86-ENU
- Microsoft Windows 2000 SP4 / Windows Media Format Runtime 9 / patch Windows2000-WindowsMedia-KB978695-x86-ENU
- Microsoft Windows 2000 SP4 / Windows Media Encoder 9 x86 / patch WindowsMedia9-KB979332-x86-ENU
- Microsoft Windows 2000 SP4 / Asycfilt.dll (COM) / patch Windows2000-KB979482-x86-ENU
- Windows XP SP2 and Windows XP SP3 / Quartz.dll (DirectShow) / patch WindowsXP-KB975562-x86-ENU
- Windows XP SP2 / Windows Media Format Runtime 9, Windows Media Format Runtime 9.5 and Windows Media Format Runtime 11 / patch WindowsXP-SP2-WindowsMedia-KB978695-x86-ENU
- Windows XP SP3 / Windows Media Format Runtime 9, Windows Media Format Runtime 9.5 and Windows Media Format Runtime 11 / patch
- Windows XP SP2 and Windows XP SP3 / Windows Media Encoder 9 x86 / patch WindowsXP-WindowsMedia-KB978695-x86-ENU
- Windows XP SP2 and Windows XP SP3 / Asycfilt.dll (COM) / patch WindowsXP-KB979482-x86-ENU
- Windows XP Professional x64 Edition SP2 / Quartz.dll (DirectShow) / patch WindowsServer2003.WindowsXP-KB975562-x64-ENU
- Windows XP Professional x64 Edition SP2 / Windows Media Format Runtime 9.5, Windows Media Format Runtime 9.5 x64 and Windows Media Format Runtime 11 / patch
- Windows XP Professional x64 Edition SP2 / Windows Media Encoder 9 x86 and Windows Media Encoder 9 x64 / patch WindowsMedia9-KB979332-x86-on-x64-ENU
- Windows XP Professional x64 Edition SP2 / Asycfilt.dll (COM) / patch WindowsServer2003.WindowsXP-KB979482-x64-ENU
- Windows Server 2003 SP2 / Quartz.dll (DirectShow) / patch WindowsServer2003-KB975562-x86-ENU
- Windows Server 2003 SP2 / Windows Media Format Runtime 9.5 / patch WindowsServer2003-KB978695-x86-ENU
- Windows Server 2003 SP2 / Windows Media Encoder 9 x86 / patch WindowsMedia9-KB979332-x86-ENU
- Windows Server 2003 SP2 / Asycfilt.dll (COM) / patch WindowsServer2003-KB979482-x86-ENU
- Windows Server 2003 x64 Edition SP2 / Quartz.dll (DirectShow) / patch WindowsServer2003.WindowsXP-KB975562-x64-ENU
- Windows Server 2003 x64 Edition SP2 / Windows Media Format Runtime 9.5 and Windows Media Format Runtime 9.5 x64 Edition / patch WindowsServer2003.WindowsXP-KB978695-x64-ENU
- Windows Server 2003 x64 Edition SP2 / Windows Media Encoder 9 x86 and Windows Media Encoder 9 x64 / patch WindowsMedia9-KB979332-x86-on-x64-ENU
- Windows Server 2003 x64 Edition SP2 / Asycfilt.dll (COM) / patch WindowsServer2003.WindowsXP-KB979482-x64-ENU
- Windows Server 2003 SP2 Itanium-based Systems / Quartz.dll (DirectShow) / patch WindowsServer2003-KB975562-ia64-ENU
- Windows Server 2003 SP2 Itanium-based Systems / Asycfilt.dll (COM) / patch WindowsServer2003-KB979482-ia64-ENU
- Windows Vista SP1 / Quartz.dll (DirectShow) / patch Windows6.0-KB975562-x86
- Windows Vista SP1 and Windows Vista SP2 / Asycfilt.dll (COM) / patch Windows6.0-KB979482-x86
- Windows Vista SP1 and Windows Vista SP2 / Windows Media Encoder 9 x86 / patch WindowsMedia9-KB979332-INTL
- Windows Vista x64 Edition SP1 / Quartz.dll (DirectShow) / patch Windows6.0-KB975562-x64
- Windows Vista x64 Edition SP1 and Windows Vista x64 Edition SP2 / Asycfilt.dll (COM) / patch Windows6.0-KB979482-x64
- Windows Vista x64 Edition SP1 and Windows Vista x64 Edition SP2 / Windows Media Encoder 9 x86, Windows Media Encoder 9 x64 / patch WindowsMedia9-KB979332-INTL
- Windows Server 2008 32-bit Systems / Quartz.dll (DirectShow) / patch Windows6.0-KB975562-x86
- Windows Server 2008 32-bit Systems and Windows Server 2008 32-bit Systems SP2 / Asycfilt.dll (COM) / patch Windows6.0-KB979482-x86
- Windows Server 2008 32-bit Systems and Windows Server 2008 32-bit Systems SP2 / Windows Media Encoder 9 x86 / patch WindowsMedia9-KB979332-INTL
- Windows Server 2008 x64-based Systems / Quartz.dll (DirectShow) / patch Windows6.0-KB975562-x64
- Windows Server 2008 x64-based Systems and Windows Server 2008 x64-based Systems SP2 / Asycfilt.dll (COM) / patch Windows6.0-KB979482-x64
- Windows Server 2008 x64-based Systems and Windows Server 2008 x64-based Systems SP2 / Windows Media Encoder 9 x86, Windows Media Encoder 9 x64 / patch WindowsMedia9-KB979332-INTL
- Windows Server 2008 Itanium-based Systems / Quartz.dll (DirectShow) / patch Windows6.0-KB975562-ia64
- Windows Server 2008 Itanium-based Systems and Windows Server 2008 Itanium-based Systems SP2 / Asycfilt.dll (COM) / patch Windows6.0-KB979482-ia64
- Windows 7 32-bit Systems / Asycfilt.dll (COM) / patch Windows6.1-KB979482-x86
- Windows 7 x64-based Systems / Asycfilt.dll (COM) / patch Windows6.1-KB979482-x64
- Windows Server 2008 R2 x64-based Systems / Asycfilt.dll (COM) / patch Windows6.1-KB979482-x64
- Windows Server 2008 R2 Itanium-based Systems / Asycfilt.dll (COM) / patch Windows6.1-KB979482-ia64
http://www.microsoft.com/downloads |
|
Standard identifiers |
|
Property | Value |
CVE | CVE-2010-1879, CVE-2010-1880 |
BID | |
Additional resources |
|
Microsoft Security Bulletin (MS10-033) http://www.microsoft.com/technet/security/bulletin/MS10-033.mspx |
Version history |
||
Version | Comment | Date |
1.0 | Advisory issued | 2010-06-09 |