Alert GCSA-08082 - Vulnerabilita' in Microsoft Outlook e Mail
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-08082
Data : 13 agosto 2008
Titolo : Vulnerabilita' in Microsoft Outlook e Mail (MS08-048)
******************************************************************
:: Descrizione del problema
E' stata riscontrata una vulnerabilita' in Microsoft Windows che potrebbe
essere sfruttata per aggirare restrizioni di sicurezza ed ottenere l'accesso
ad informazioni sensibili.
Questa vulnerabilita' e' dovuta ad un errore nel gestore del protocollo MHTML
durante l'interpretazione di MHTML URI redirections, e potrebbe essere
sfruttata per aggirare restrizioni di domini Internet Explorer durante la
restituzione di contenuti MHTML attraverso pagine web appositamente
predisposte. Inoltre potrebbe permettere di leggere contenuti da un altro
dominio Internet Explorer o dal sistema locale.
:: Piattaforme e software interessati
- - Microsoft Outlook Express 5.5 Service Pack 2
- - Microsoft Outlook Express 6 Service Pack 1
- - Microsoft Outlook Express 6
- - Microsoft Windows Mail
:: Impatto
- - accesso ad informazioni sensibili
:: Soluzioni
Applicare le patch
- -- Outlook Express 5.5 SP2 --
Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=6257bfae-35f0-4c0e-b960-bca7aa6f86f7
- -- Outlook Express 6 SP1 --
Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=dab178f7-c282-41f4-acb1-a86e6aa4c91b
- -- Microsoft Outlook Express 6 --
Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=91469f2f-461c-4a67-8738-d42520427f6b
Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=2220aece-79d2-426f-90ec-24a17470567a
Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=30f2244a-f6fd-4fc1-a871-abf6958cb660
Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=3287f006-cbb2-4c6d-820c-32833e08035a
Windows Server 2003 with SP1/SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=c8570e40-355b-4a9b-933d-53ae021cbda5
- -- Windows Mail --
Windows Vista (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=3851bcf8-f971-4d38-b27f-97396854aac0
Windows Vista x64 Edition (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=3bf7eb8a-b347-4661-be2d-682adc713769
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=dc3c4b63-acd3-4469-8d47-e0562d99ee65
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5f973f54-2322-4b41-8c1a-3e712c0da8ae
Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9226cd85-1445-4976-a126-757c5d142ffd
:: Riferimenti
Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS08-048.mspx
FrSirt:
http://www.frsirt.com/english/advisories/2008/2352
Secunia:
http://secunia.com/advisories/31415/
CVE Mitre:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1448
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSKLptvOB+SpikaiRAQLLmQP+KFfZKdtrgXujLeuzd68VkDTr0+3IDPd1
ICFCykYtzaxb+JmI3pGBidJf2k1IbBFoJdtay1AXgYwaxnc/p7Y9iy3Yg4YOqL+s
T3YJTY4b3vpMnacN4bnRY+KlK7hNA+p2aVoEdv+7VNA8DEQGC0eI87yKXaAFSgJj
81i9zmVXGVs=
=KkdS
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-08082
Data : 13 agosto 2008
Titolo : Vulnerabilita' in Microsoft Outlook e Mail (MS08-048)
******************************************************************
:: Descrizione del problema
E' stata riscontrata una vulnerabilita' in Microsoft Windows che potrebbe
essere sfruttata per aggirare restrizioni di sicurezza ed ottenere l'accesso
ad informazioni sensibili.
Questa vulnerabilita' e' dovuta ad un errore nel gestore del protocollo MHTML
durante l'interpretazione di MHTML URI redirections, e potrebbe essere
sfruttata per aggirare restrizioni di domini Internet Explorer durante la
restituzione di contenuti MHTML attraverso pagine web appositamente
predisposte. Inoltre potrebbe permettere di leggere contenuti da un altro
dominio Internet Explorer o dal sistema locale.
:: Piattaforme e software interessati
- - Microsoft Outlook Express 5.5 Service Pack 2
- - Microsoft Outlook Express 6 Service Pack 1
- - Microsoft Outlook Express 6
- - Microsoft Windows Mail
:: Impatto
- - accesso ad informazioni sensibili
:: Soluzioni
Applicare le patch
- -- Outlook Express 5.5 SP2 --
Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=6257bfae-35f0-4c0e-b960-bca7aa6f86f7
- -- Outlook Express 6 SP1 --
Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=dab178f7-c282-41f4-acb1-a86e6aa4c91b
- -- Microsoft Outlook Express 6 --
Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=91469f2f-461c-4a67-8738-d42520427f6b
Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=2220aece-79d2-426f-90ec-24a17470567a
Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=30f2244a-f6fd-4fc1-a871-abf6958cb660
Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=3287f006-cbb2-4c6d-820c-32833e08035a
Windows Server 2003 with SP1/SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=c8570e40-355b-4a9b-933d-53ae021cbda5
- -- Windows Mail --
Windows Vista (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=3851bcf8-f971-4d38-b27f-97396854aac0
Windows Vista x64 Edition (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=3bf7eb8a-b347-4661-be2d-682adc713769
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=dc3c4b63-acd3-4469-8d47-e0562d99ee65
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5f973f54-2322-4b41-8c1a-3e712c0da8ae
Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9226cd85-1445-4976-a126-757c5d142ffd
:: Riferimenti
Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS08-048.mspx
FrSirt:
http://www.frsirt.com/english/advisories/2008/2352
Secunia:
http://secunia.com/advisories/31415/
CVE Mitre:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1448
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSKLptvOB+SpikaiRAQLLmQP+KFfZKdtrgXujLeuzd68VkDTr0+3IDPd1
ICFCykYtzaxb+JmI3pGBidJf2k1IbBFoJdtay1AXgYwaxnc/p7Y9iy3Yg4YOqL+s
T3YJTY4b3vpMnacN4bnRY+KlK7hNA+p2aVoEdv+7VNA8DEQGC0eI87yKXaAFSgJj
81i9zmVXGVs=
=KkdS
-----END PGP SIGNATURE-----