Alert GCSA-08121 - MS08-070 Vulnerabilita' in Microsoft Visual Basic
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
************************************************************************
Alert ID : GCSA-08121
Data : 11 Dicembre 2008
Titolo : MS08-070 Vulnerabilita' in Visual Basic 6.0 (932349)
************************************************************************
:: Descrizione del problema
Questo aggiornamento di sicurezza risolve sei vulnerabilita'
nei controlli ActiveX per Microsoft Visual Basic 6.0 Runtime Extended
Files. Le vulnerabilita' consentono l'esecuzione da remoto di codice
arbitrario se un utente visita pagine WEB che contengano contenuti
appositamente predisposti.
:: Software e Sistemi affetti
Microsoft Developer Tools:
Microsoft Visual Basic 6.0 runtime Extended Files
Microsoft Visual Studio .NET 2002 SP1
Microsoft Visual Studio .NET 2003 SP1
Microsoft Visual FoxPro 8.0 SP1
Microsoft Visual FoxPro 9.0 SP1
Microsoft Visual FoxPro 9.0 SP2
Microsoft Office Software:
Microsoft Office FrontPage 2002 SP3
Microsoft Office Project 2003 SP3
Microsoft Office Project 2007
Microsoft Office Project 2007 SP1
:: Impatto
Esecuzione remota di codice arbitrario
:: Soluzioni
Applicare la patch segnalata nel bollettino Microsoft MS08-070
http://www.microsoft.com/technet/security/Bulletin/ms08-070.mspx
:: Riferimenti
Microsoft Security Bulletin MS08-070
http://www.microsoft.com/technet/security/Bulletin/ms08-070.mspx
VUPEN (ex FrSirt):
http://www.vupen.com/english/advisories/2008/3382
Secunia:
http://secunia.com/advisories/26534/
SecurityFocus:
http://www.securityfocus.com/bid/32591
http://www.securityfocus.com/bid/32592
http://www.securityfocus.com/bid/32612
http://www.securityfocus.com/bid/32613
http://www.securityfocus.com/bid/32614
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-08-083/
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4254
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4256
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSUD7bfOB+SpikaiRAQLyRQP8CZ9LJS+JldM8TX1KlbwrsF3lSrbM2QZL
AKb7bwab+D0ysN8rXuLWMU59i/wxJ/kJSn7ey1aofhL3Iaowsk0cMUO5EBg8xpx1
Vl7tuc4wA7Ae737vss6mICDIUP0L1sKlqMc/6W6q0zGDVw1s5yackLyR/PCWiGnA
rVtAmBBiUgU=
=wzuN
-----END PGP SIGNATURE-----
Hash: SHA1
************************************************************************
Alert ID : GCSA-08121
Data : 11 Dicembre 2008
Titolo : MS08-070 Vulnerabilita' in Visual Basic 6.0 (932349)
************************************************************************
:: Descrizione del problema
Questo aggiornamento di sicurezza risolve sei vulnerabilita'
nei controlli ActiveX per Microsoft Visual Basic 6.0 Runtime Extended
Files. Le vulnerabilita' consentono l'esecuzione da remoto di codice
arbitrario se un utente visita pagine WEB che contengano contenuti
appositamente predisposti.
:: Software e Sistemi affetti
Microsoft Developer Tools:
Microsoft Visual Basic 6.0 runtime Extended Files
Microsoft Visual Studio .NET 2002 SP1
Microsoft Visual Studio .NET 2003 SP1
Microsoft Visual FoxPro 8.0 SP1
Microsoft Visual FoxPro 9.0 SP1
Microsoft Visual FoxPro 9.0 SP2
Microsoft Office Software:
Microsoft Office FrontPage 2002 SP3
Microsoft Office Project 2003 SP3
Microsoft Office Project 2007
Microsoft Office Project 2007 SP1
:: Impatto
Esecuzione remota di codice arbitrario
:: Soluzioni
Applicare la patch segnalata nel bollettino Microsoft MS08-070
http://www.microsoft.com/technet/security/Bulletin/ms08-070.mspx
:: Riferimenti
Microsoft Security Bulletin MS08-070
http://www.microsoft.com/technet/security/Bulletin/ms08-070.mspx
VUPEN (ex FrSirt):
http://www.vupen.com/english/advisories/2008/3382
Secunia:
http://secunia.com/advisories/26534/
SecurityFocus:
http://www.securityfocus.com/bid/32591
http://www.securityfocus.com/bid/32592
http://www.securityfocus.com/bid/32612
http://www.securityfocus.com/bid/32613
http://www.securityfocus.com/bid/32614
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-08-083/
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4254
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4256
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSUD7bfOB+SpikaiRAQLyRQP8CZ9LJS+JldM8TX1KlbwrsF3lSrbM2QZL
AKb7bwab+D0ysN8rXuLWMU59i/wxJ/kJSn7ey1aofhL3Iaowsk0cMUO5EBg8xpx1
Vl7tuc4wA7Ae737vss6mICDIUP0L1sKlqMc/6W6q0zGDVw1s5yackLyR/PCWiGnA
rVtAmBBiUgU=
=wzuN
-----END PGP SIGNATURE-----