Alert GCSA-10067 - Vulnerability in Microsoft OpenType Compact Font
******************************************************************
Alert ID : GCSA-10067
Date : 10 June 2010
Title : Microsoft OpenType Compact Font Format (CFF) Vulnerability (MS10-037)
******************************************************************
:: Description of the problem
Microsoft has released a security update that resolves
a vulnerability in the OpenType Compact Font Format (CFF) drivers, which
can allow privilege escalation if a user views
content rendered with specially crafted CFF fonts.
:: Affected software
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (x64) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
Microsoft Windows 7 (32-bit)
Microsoft Windows 7 (x64)
Microsoft Windows Server 2008 R2 x64
Microsoft Windows Server 2008 R2 Itanium
:: Impact
Privilege escalation
:: Solutions
Manually install the patch listed in the Microsoft bulletin,
or use one of the update tools such as:
Automatic Updates, Windows Update, Microsoft Update,
Windows Server Update Services.
:: References
Microsoft Security Bulletin MS10-037
http://www.microsoft.com/technet/security/Bulletin/ms10-037.mspx
VUPEN
http://www.vupen.com/english/advisories/2010/1394
Secunia
http://secunia.com/advisories/38176/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0819