Alert GCSA-08085 - Vulnerabilita' multiple in Microsoft Office
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-08085
Data : 13 agosto 2008
Titolo : Vulnerabilita' multiple in Microsoft Office PowerPoint (MS08-051)
******************************************************************
:: Descrizione del problema
Sono state riscontrate multiple vulnerabilita' in Microsoft Office PowerPoint
che potrebbero essere sfruttate per ottenere il completo controllo di un
sistema che ne sia affetto.
Queste vulnerabilita' sono dovute da errori di tipo memory allocation,
memory calculation, e memory corruption, durante l'elaborazione di indici
di immagini o liste di valori in un file PowerPoint, e potrebbero essere
sfruttate per arrestare un'applicazione che ne sia affetta o per eseguire
codice arbitrario inducendo l'utente ad aprire file PPT malevoli.
:: Piattaforme e software interessati
- - Microsoft Office 2000
- - Microsoft Office 2003 Professional Edition
- - Microsoft Office 2003 Small Business Edition
- - Microsoft Office 2003 Standard Edition
- - Microsoft Office 2003 Student e Teacher Edition
- - Microsoft Office 2004 per Mac
- - Microsoft Office 2007
- - Microsoft Office Compatibility Pack per Word, Excel, e PowerPoint 2007 File Formats
- - Microsoft Office PowerPoint 2003 Viewer
- - Microsoft Office PowerPoint 2007
- - Microsoft Office XP
- - Microsoft PowerPoint 2000
- - Microsoft PowerPoint 2002
- - Microsoft Powerpoint 2003
:: Impatto
- - Esecuzione di codice arbitrario
:: Soluzioni
Applicare le patch
Microsoft Office PowerPoint 2000 SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=e7c044d8-778a-4985-b25b-4f7f6e4abadd
Microsoft Office PowerPoint 2002 SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=f8921074-7985-4d42-ac2b-d2f3b1d466ba
Microsoft Office PowerPoint 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7a7c21f0-5e0e-4dee-9710-1ce3d565913f
Microsoft Office PowerPoint 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7a7c21f0-5e0e-4dee-9710-1ce3d565913f
Microsoft Office PowerPoint 2007:
http://www.microsoft.com/downloads/details.aspx?FamilyId=55fd618a-e9c5-4f1e-b9a5-b2e47ec98ef1
Microsoft Office PowerPoint 2007 SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=55fd618a-e9c5-4f1e-b9a5-b2e47ec98ef1
Microsoft Office PowerPoint Viewer 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=911c8872-dec8-4b8e-9708-93dcabd3e036
Microsoft Office Compatibility Pack per Word, Excel, e PowerPoint 2007 File
Formats:
http://www.microsoft.com/downloads/details.aspx?familyid=84ce5d58-0010-4945-bce9-67a41f898f2f
Microsoft Office Compatibility Pack per Word, Excel, e PowerPoint 2007 File
Formats SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=84ce5d58-0010-4945-bce9-67a41f898f2f
Microsoft Office 2004 per Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyId=EBD3AF0C-3F62-4D18-BF45-881655683BD5
:: Riferimenti
Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS08-051.mspx
FrSirt:
http://www.frsirt.com/english/advisories/2008/2355
Secunia:
http://secunia.com/advisories/31453/
CVE Mitre:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0120
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0121
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1455
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSKLwkvOB+SpikaiRAQJg/gP+O43eR+DhddHxVpSBIRbmrLen6aa9lgoB
t+KaxsnGWOTEYF9sJrrW2YYVm0aYgI9QbK6QBdj24SjGT9i9RcQZXYLxA7sl8JsB
oR9o2p1w3lkiIo7wmFZlPQpykASW6gmzmvOKcnCFVjx+izURlR0wdhNCxGoJQJBi
2v8mL0vjljs=
=jejh
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-08085
Data : 13 agosto 2008
Titolo : Vulnerabilita' multiple in Microsoft Office PowerPoint (MS08-051)
******************************************************************
:: Descrizione del problema
Sono state riscontrate multiple vulnerabilita' in Microsoft Office PowerPoint
che potrebbero essere sfruttate per ottenere il completo controllo di un
sistema che ne sia affetto.
Queste vulnerabilita' sono dovute da errori di tipo memory allocation,
memory calculation, e memory corruption, durante l'elaborazione di indici
di immagini o liste di valori in un file PowerPoint, e potrebbero essere
sfruttate per arrestare un'applicazione che ne sia affetta o per eseguire
codice arbitrario inducendo l'utente ad aprire file PPT malevoli.
:: Piattaforme e software interessati
- - Microsoft Office 2000
- - Microsoft Office 2003 Professional Edition
- - Microsoft Office 2003 Small Business Edition
- - Microsoft Office 2003 Standard Edition
- - Microsoft Office 2003 Student e Teacher Edition
- - Microsoft Office 2004 per Mac
- - Microsoft Office 2007
- - Microsoft Office Compatibility Pack per Word, Excel, e PowerPoint 2007 File Formats
- - Microsoft Office PowerPoint 2003 Viewer
- - Microsoft Office PowerPoint 2007
- - Microsoft Office XP
- - Microsoft PowerPoint 2000
- - Microsoft PowerPoint 2002
- - Microsoft Powerpoint 2003
:: Impatto
- - Esecuzione di codice arbitrario
:: Soluzioni
Applicare le patch
Microsoft Office PowerPoint 2000 SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=e7c044d8-778a-4985-b25b-4f7f6e4abadd
Microsoft Office PowerPoint 2002 SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=f8921074-7985-4d42-ac2b-d2f3b1d466ba
Microsoft Office PowerPoint 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7a7c21f0-5e0e-4dee-9710-1ce3d565913f
Microsoft Office PowerPoint 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7a7c21f0-5e0e-4dee-9710-1ce3d565913f
Microsoft Office PowerPoint 2007:
http://www.microsoft.com/downloads/details.aspx?FamilyId=55fd618a-e9c5-4f1e-b9a5-b2e47ec98ef1
Microsoft Office PowerPoint 2007 SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=55fd618a-e9c5-4f1e-b9a5-b2e47ec98ef1
Microsoft Office PowerPoint Viewer 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=911c8872-dec8-4b8e-9708-93dcabd3e036
Microsoft Office Compatibility Pack per Word, Excel, e PowerPoint 2007 File
Formats:
http://www.microsoft.com/downloads/details.aspx?familyid=84ce5d58-0010-4945-bce9-67a41f898f2f
Microsoft Office Compatibility Pack per Word, Excel, e PowerPoint 2007 File
Formats SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=84ce5d58-0010-4945-bce9-67a41f898f2f
Microsoft Office 2004 per Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyId=EBD3AF0C-3F62-4D18-BF45-881655683BD5
:: Riferimenti
Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS08-051.mspx
FrSirt:
http://www.frsirt.com/english/advisories/2008/2355
Secunia:
http://secunia.com/advisories/31453/
CVE Mitre:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0120
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0121
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1455
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSKLwkvOB+SpikaiRAQJg/gP+O43eR+DhddHxVpSBIRbmrLen6aa9lgoB
t+KaxsnGWOTEYF9sJrrW2YYVm0aYgI9QbK6QBdj24SjGT9i9RcQZXYLxA7sl8JsB
oR9o2p1w3lkiIo7wmFZlPQpykASW6gmzmvOKcnCFVjx+izURlR0wdhNCxGoJQJBi
2v8mL0vjljs=
=jejh
-----END PGP SIGNATURE-----