Alert GCSA-08078 - Vulnerabilita' multiple in Microsoft Office
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-08078
Data : 13 agosto 2008
Titolo : Vulnerabilita' multiple in Microsoft Office (MS08-044)
******************************************************************
:: Descrizione del problema
Sono state riscontrate vulnerabilita' multiple in Microsoft Office che
potrebbero essere sfruttata per compromettere un sistema che ne sia affetto.
Queste vulnerabilita' sono causate da errori di corruzione della memoria
durante l'elaborazione di file EPS (Encapsulated PostScript), o immagini PICT,
BMP o WPG (WordPerfect Graphics) appositamente predisposti, e potrebbero
essere sfruttate per arrestare un'applicazione che ne sia affetta o eseguire
codice arbitrario inducendo l'utente ad aprire file Office malevoli.
:: Piattaforme e software interessati
- - Microsoft Office 2000
- - Microsoft Office 2003 Professional Edition
- - Microsoft Office 2003 Small Business Edition
- - Microsoft Office 2003 Standard Edition
- - Microsoft Office 2003 Student and Teacher Edition
- - Microsoft Office File Converter Pack
- - Microsoft Office XP
- - Microsoft Project 2002
- - Microsoft Works 8.x
:: Impatto
- - Esecuzione remota di codice arbitrario
:: Soluzioni
Applicare le patch
Microsoft Office 2000 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=3ab323ec-9f92-453c-b7c7-9a95a9efcaea
Microsoft Office XP SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=bf566ce6-23da-45e5-9c2b-c47331d30e79
Microsoft Office 2003 SP2 (SP3 non e' affetto):
http://www.microsoft.com/downloads/details.aspx?familyid=e0df2f6e-1102-461d-829f-5f3e2d7eb4b3
Microsoft Office Project 2002 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=bf566ce6-23da-45e5-9c2b-c47331d30e79
Microsoft Office Converter Pack:
http://www.microsoft.com/downloads/details.aspx?familyid=199b08c7-6d79-4930-8f0c-31034629c485
Microsoft Works 8:
http://www.microsoft.com/downloads/details.aspx?familyid=458985C3-9C6F-4049-81CD-0D0389C81F11
:: Riferimenti
Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS08-044.mspx
FrSirt:
http://www.frsirt.com/english/advisories/2008/2348
Secunia:
http://secunia.com/advisories/31336/
CVE Mitre:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3018
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3019
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3020
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3021
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3460
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSKLgsfOB+SpikaiRAQIbaQP/THVJ8+5P8sezYwijLiJ4eczYBBi2cAtu
rBa+DNZMD6fpXWnnEeuiNBs20CCrOhy3RfNooRsfiwvvurSJiiqqPWxl8NFrjo89
Gd9pxGs6UX06YT2D27vxklbEKrev0c+RqipyS95o6rodMu0cWn7MEYK9rWEtn57T
rVfmYss1tbI=
=HnW6
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-08078
Data : 13 agosto 2008
Titolo : Vulnerabilita' multiple in Microsoft Office (MS08-044)
******************************************************************
:: Descrizione del problema
Sono state riscontrate vulnerabilita' multiple in Microsoft Office che
potrebbero essere sfruttata per compromettere un sistema che ne sia affetto.
Queste vulnerabilita' sono causate da errori di corruzione della memoria
durante l'elaborazione di file EPS (Encapsulated PostScript), o immagini PICT,
BMP o WPG (WordPerfect Graphics) appositamente predisposti, e potrebbero
essere sfruttate per arrestare un'applicazione che ne sia affetta o eseguire
codice arbitrario inducendo l'utente ad aprire file Office malevoli.
:: Piattaforme e software interessati
- - Microsoft Office 2000
- - Microsoft Office 2003 Professional Edition
- - Microsoft Office 2003 Small Business Edition
- - Microsoft Office 2003 Standard Edition
- - Microsoft Office 2003 Student and Teacher Edition
- - Microsoft Office File Converter Pack
- - Microsoft Office XP
- - Microsoft Project 2002
- - Microsoft Works 8.x
:: Impatto
- - Esecuzione remota di codice arbitrario
:: Soluzioni
Applicare le patch
Microsoft Office 2000 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=3ab323ec-9f92-453c-b7c7-9a95a9efcaea
Microsoft Office XP SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=bf566ce6-23da-45e5-9c2b-c47331d30e79
Microsoft Office 2003 SP2 (SP3 non e' affetto):
http://www.microsoft.com/downloads/details.aspx?familyid=e0df2f6e-1102-461d-829f-5f3e2d7eb4b3
Microsoft Office Project 2002 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=bf566ce6-23da-45e5-9c2b-c47331d30e79
Microsoft Office Converter Pack:
http://www.microsoft.com/downloads/details.aspx?familyid=199b08c7-6d79-4930-8f0c-31034629c485
Microsoft Works 8:
http://www.microsoft.com/downloads/details.aspx?familyid=458985C3-9C6F-4049-81CD-0D0389C81F11
:: Riferimenti
Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS08-044.mspx
FrSirt:
http://www.frsirt.com/english/advisories/2008/2348
Secunia:
http://secunia.com/advisories/31336/
CVE Mitre:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3018
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3019
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3020
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3021
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3460
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSKLgsfOB+SpikaiRAQIbaQP/THVJ8+5P8sezYwijLiJ4eczYBBi2cAtu
rBa+DNZMD6fpXWnnEeuiNBs20CCrOhy3RfNooRsfiwvvurSJiiqqPWxl8NFrjo89
Gd9pxGs6UX06YT2D27vxklbEKrev0c+RqipyS95o6rodMu0cWn7MEYK9rWEtn57T
rVfmYss1tbI=
=HnW6
-----END PGP SIGNATURE-----