Infosecurity Online News

Año 3 - N°6 | Junio 2007

-Gestión InfoSec-

-Actualización Técnica-

- Hacking bajo la lupa

- Toolbox

- Hot Vulnerabilities

-Foro Infosec-

-Ediciones Anteriores-

Hot Vulnerabilities

Vulnerabilidades críticas para Cisco y Microsoft

Por Martín Cutuli

Security Research
Córdoba, Argentina

Cisco Unified CallManager CTL Provider and RIS Collector Code Execution Issues

Riesgo:
Crítico.

Ejecución:
Local y Remota.

Plataforma:
Cisco Unified CallManager 3.3 versions prior to 3.3(5)SR3
Cisco Unified CallManager 4.1 versions prior to 4.1(3)SR5
Cisco Unified CallManager 4.2 versions prior to 4.2(3)SR2
Cisco Unified Communications Manager 4.3 versions prior to 4.3(1)SR1
Cisco Unified Communications Manager 5.1 versions prior to 5.1(2)

CVE ID:

GENERIC-MAP-NOMATCH

Referencia:

http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml
http://www.iss.net/threats/270.html
http://www.iss.net/threats/271.html

Microsoft .NET Framework Code Exection and Information Disclosure

Riesgo:
Crítico.

Ejecución:
Local y Remota.

Plataforma:
Microsoft .NET Framework 1.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0

CVE ID:
CVE-2007-0041 - CVE-2007-0042 - CVE-2007-0043

Referencia:

http://www.microsoft.com/technet/security/Bulletin/MS07-040.mspx

Microsoft Windows Active Directory Code Exection and Denial of Service

Riesgo:
Crítico.

Ejecución:
Local y Remota.

Plataforma:

Microsoft Windows 2000 Server Service Pack 4
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP1 (Itanium)
Microsoft Windows Server 2003 SP2 (Itanium)

CVE ID:
CVE-2007-0040 - CVE-2007-3028

Referencia:

http://www.microsoft.com/technet/security/Bulletin/MS07-039.mspx

Martin Horacio Cutuli
Security Research
martincutuli@fibertel.com.ar

Política de protección de Datos Personales