(MS14-070) Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434)
Data de publicação: 16 novembro 2014
Schweregrad: : Alto
Identificador(es) CVE: : CVE-2014-4076
Data do informe: 16 novembro 2014
Descrição
This security update resolves a publically reported vulnerability in TCP/IP that occurs during input/output control (IOCTL) processing. This vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another process. If this process runs with administrator privileges, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Solução
Software infectado e versão:
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems