[Info] USB Devices Can Crack Windows

31/07/2005 - 19:59 por Enrique [MVP Windows] | Informe spam
Microsoft Windows Unspecified USB Driver Buffer Overflow Vulnerability

An unspecified buffer overflow vulnerability affects USB drivers in
Microsoft Windows operating systems. This issue is due to a failure of
the affected driver to properly bounds check input provided by USB
devices.

Affected Software :

- Microsoft Windows XP Tablet PC Edition SP2
- Microsoft Windows XP Tablet PC Edition SP1
- Microsoft Windows XP Tablet PC Edition
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows XP Professional SP2
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
- Microsoft Windows XP Media Center Edition SP2
- Microsoft Windows XP Media Center Edition SP1
- Microsoft Windows XP Media Center Edition
- Microsoft Windows XP Home SP2
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Embedded SP1
- Microsoft Windows XP Embedded
- Microsoft Windows XP 64-bit Edition Version 2003 SP1
- Microsoft Windows XP 64-bit Edition Version 2003
- Microsoft Windows XP 64-bit Edition SP1
- Microsoft Windows XP 64-bit Edition
- Microsoft Windows Server 2003 Web Edition SP1
- Microsoft Windows Server 2003 Web Edition
- Microsoft Windows Server 2003 Standard x64 Edition
- Microsoft Windows Server 2003 Standard Edition SP1
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Enterprise x64 Edition
- Microsoft Windows Server 2003 Enterprise Edition 64-bit SP1
- Microsoft Windows Server 2003 Enterprise Edition 64-bit
- Microsoft Windows Server 2003 Enterprise Edition SP1
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Datacenter x64 Edition
- Microsoft Windows Server 2003 Datacenter Edition 64-bit SP1
- Microsoft Windows Server 2003 Datacenter Edition 64-bit
- Microsoft Windows Server 2003 Datacenter Edition SP1
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows ME
- Microsoft Windows 98SE
- Microsoft Windows 98
- Microsoft Windows 95 SR2
- Microsoft Windows 2000 Server SP4
- Microsoft Windows 2000 Server SP3
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Professional SP4
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Datacenter Server SP4
- Microsoft Windows 2000 Datacenter Server SP3
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Advanced Server SP4
- Microsoft Windows 2000 Advanced Server SP3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server

Microsoft no ha proporcionado ninguna solución a esta vulnerabilidad, y
tampoco ha publicado ninguna alerta.

http://www.securityfocus.com/bid/14376


Saludos,
Enrique Cortés
Microsoft MVP - Windows - IE/OE
ekort@Zmvps.org (quita la Z)

"La cuestión más importante es no dejar de preguntar"



Este mensaje se proporciona "como está" sin garantías de ninguna clase,
y no otorga ningún derecho.
This posting is provided "AS IS" with no warranties, and confers no
rights.
________________________________________________________________________________
 

Leer las respuestas

#1 Rodolfo Parrado Gutiérrez [MVP Windows]
01/08/2005 - 03:36 | Informe spam
Es que la falla no es de Microsoft como lo dice el articulo que habia publicado anteriormente...

http://www.eweek.com/article2/0,189...141,00.asp

However, the flaw is with USB, not Windows, said David Dewey, a research engineer at SPI. Standards developed by the USB Implementers Forum Inc., the nonprofit corporation that governs USB, don't consider security, he said.

-
Rodolfo Parrado Gutiérrez
http://tinyurl.com/6bvzu
Bogotá - Colombia
-
MVP Windows Server
MCT, MCSE, MCSA, MCDST, MCP+I
-
Este mensaje se proporciona "como está" sin garantías de ninguna índole, y no otorga ningún derecho.
-
Asegúrese de buscar desde el enlace sobre lo que esta preguntando, ya que muchas veces la pregunta ya fue respondida más de una vez
http://groups.google.com/groups?hl=....public.es
-

"Enrique [MVP Windows]" escribió en el mensaje news:
Microsoft Windows Unspecified USB Driver Buffer Overflow Vulnerability

An unspecified buffer overflow vulnerability affects USB drivers in
Microsoft Windows operating systems. This issue is due to a failure of
the affected driver to properly bounds check input provided by USB
devices.

Affected Software :

- Microsoft Windows XP Tablet PC Edition SP2
- Microsoft Windows XP Tablet PC Edition SP1
- Microsoft Windows XP Tablet PC Edition
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows XP Professional SP2
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
- Microsoft Windows XP Media Center Edition SP2
- Microsoft Windows XP Media Center Edition SP1
- Microsoft Windows XP Media Center Edition
- Microsoft Windows XP Home SP2
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Embedded SP1
- Microsoft Windows XP Embedded
- Microsoft Windows XP 64-bit Edition Version 2003 SP1
- Microsoft Windows XP 64-bit Edition Version 2003
- Microsoft Windows XP 64-bit Edition SP1
- Microsoft Windows XP 64-bit Edition
- Microsoft Windows Server 2003 Web Edition SP1
- Microsoft Windows Server 2003 Web Edition
- Microsoft Windows Server 2003 Standard x64 Edition
- Microsoft Windows Server 2003 Standard Edition SP1
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Enterprise x64 Edition
- Microsoft Windows Server 2003 Enterprise Edition 64-bit SP1
- Microsoft Windows Server 2003 Enterprise Edition 64-bit
- Microsoft Windows Server 2003 Enterprise Edition SP1
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Datacenter x64 Edition
- Microsoft Windows Server 2003 Datacenter Edition 64-bit SP1
- Microsoft Windows Server 2003 Datacenter Edition 64-bit
- Microsoft Windows Server 2003 Datacenter Edition SP1
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows ME
- Microsoft Windows 98SE
- Microsoft Windows 98
- Microsoft Windows 95 SR2
- Microsoft Windows 2000 Server SP4
- Microsoft Windows 2000 Server SP3
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Professional SP4
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Datacenter Server SP4
- Microsoft Windows 2000 Datacenter Server SP3
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Advanced Server SP4
- Microsoft Windows 2000 Advanced Server SP3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server

Microsoft no ha proporcionado ninguna solución a esta vulnerabilidad, y
tampoco ha publicado ninguna alerta.

http://www.securityfocus.com/bid/14376


Saludos,
Enrique Cortés
Microsoft MVP - Windows - IE/OE
(quita la Z)

"La cuestión más importante es no dejar de preguntar"



Este mensaje se proporciona "como está" sin garantías de ninguna clase,
y no otorga ningún derecho.
This posting is provided "AS IS" with no warranties, and confers no
rights.
________________________________________________________________________________

Preguntas similares