Alert GCSA-07119 - Vulnerabilita' in Microsoft Windows Media File
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
************************************************************************
Alert ID : GCSA-07119
Data : 13 Dicembre 2007
Titolo : Vulnerabilita' in Microsoft Windows Media File Format
(MS07-068)
************************************************************************
:: Descrizione del problema
E' stata identificata una vulnerabilita' in Microsoft Windows, che
potrebbe permettere ad un attaccante remoto di causare un Denial of
Service e di prendere il controllo completo del sistema.
Tale vulnerabilita' e' causata da un errore in Windows Media Format
Runtime nel processare i file Advanced Systems Format (ASF); tale
vulnerabilita' puo' essere sfruttata da un attaccante remoto per
eseguire codice arbitrario inducendo un utente a visitare una pagina web
appositamente predisposta.
:: Piattaforme e software interessati
Microsoft Windows Media Format Runtime 7.1
Microsoft Windows Media Format Runtime 9
Microsoft Windows Media Format Runtime 9.5
Microsoft Windows Media Format Runtime 9.5 x64 Edition
Microsoft Windows Media Format Runtime 11
Microsoft Windows Media Services 9.1
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Vista
Microsoft Windows Vista x64 Edition
:: Impatto
- - Denial of Service
- - Esecuzione da remoto di codice arbitrario
:: Soluzioni
Applicare gli aggiornamenti rilasciati da Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS07-068.mspx
:: Riferimenti
Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS07-068.mspx
Secunia
http://secunia.com/advisories/28034/
FrSIRT
http://www.frsirt.com/english/advisories/2007/4183
CVE Mitre
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0064
-----BEGIN PGP SIGNATURE-----
iQCVAwUBR2FZDPOB+SpikaiRAQLGGwP9GXhBv1xkE1vL/5QFowJzVIdlg1DVPM97
C0RSGu5uUuF1btT6you2oXTUAwr2P59zVkUCa7W3eKRmdM9TSwaM1YU0ruiK1NRL
7p9FEjOrzRPYwq9+/qrYHY2ELjCeqrq1/JItNojAbXlEh7fMDVP1PhaHD7KDwf4G
2BwWzPTP178=
=DfIe
-----END PGP SIGNATURE-----
Hash: SHA1
************************************************************************
Alert ID : GCSA-07119
Data : 13 Dicembre 2007
Titolo : Vulnerabilita' in Microsoft Windows Media File Format
(MS07-068)
************************************************************************
:: Descrizione del problema
E' stata identificata una vulnerabilita' in Microsoft Windows, che
potrebbe permettere ad un attaccante remoto di causare un Denial of
Service e di prendere il controllo completo del sistema.
Tale vulnerabilita' e' causata da un errore in Windows Media Format
Runtime nel processare i file Advanced Systems Format (ASF); tale
vulnerabilita' puo' essere sfruttata da un attaccante remoto per
eseguire codice arbitrario inducendo un utente a visitare una pagina web
appositamente predisposta.
:: Piattaforme e software interessati
Microsoft Windows Media Format Runtime 7.1
Microsoft Windows Media Format Runtime 9
Microsoft Windows Media Format Runtime 9.5
Microsoft Windows Media Format Runtime 9.5 x64 Edition
Microsoft Windows Media Format Runtime 11
Microsoft Windows Media Services 9.1
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Vista
Microsoft Windows Vista x64 Edition
:: Impatto
- - Denial of Service
- - Esecuzione da remoto di codice arbitrario
:: Soluzioni
Applicare gli aggiornamenti rilasciati da Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS07-068.mspx
:: Riferimenti
Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS07-068.mspx
Secunia
http://secunia.com/advisories/28034/
FrSIRT
http://www.frsirt.com/english/advisories/2007/4183
CVE Mitre
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0064
-----BEGIN PGP SIGNATURE-----
iQCVAwUBR2FZDPOB+SpikaiRAQLGGwP9GXhBv1xkE1vL/5QFowJzVIdlg1DVPM97
C0RSGu5uUuF1btT6you2oXTUAwr2P59zVkUCa7W3eKRmdM9TSwaM1YU0ruiK1NRL
7p9FEjOrzRPYwq9+/qrYHY2ELjCeqrq1/JItNojAbXlEh7fMDVP1PhaHD7KDwf4G
2BwWzPTP178=
=DfIe
-----END PGP SIGNATURE-----