Alert GCSA-09025 - Vulnerabilita' in Microsoft Office Excel (MS09-009)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
**********************************************************************
Alert ID : GCSA-09025
Data : 15 Aprile 2009
Titolo : Vulnerabilita' in Microsoft Office Excel (MS09-009)
**********************************************************************
:: Descrizione del problema:
Questo aggiornamento risolve due vulnerabilita' presenti in
Microsoft Excel che potrebbero essere sfruttate da un attaccante
per mandare in crash l'applicazione attraverso un documento malevolo
appositamente predisposto.
:: Piattaforme e Software interessati:
Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Office 2000
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2004 for Mac
Microsoft Office 2007
Microsoft Office 2008 for Mac
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint
2007 File Formats
Microsoft Office Excel 2007
Microsoft Office Excel Viewer 2003
Microsoft Office Excel Viewer 2007
Microsoft Office XP
:: Impatto:
Esecuzione remota di codice arbitrario
Accesso al sistema
Denial of service
:: Soluzione:
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti:
Microsoft Security Bulletin MS09-009 - Critical
http://www.microsoft.com/technet/security/Bulletin/MS09-009.mspx
Microsoft Security Advisory 968272
http://www.microsoft.com/technet/security/advisory/968272.mspx
FortiGuard Advisory (FGA-2009-16)
http://www.fortiguardcenter.com/advisory/FGA-2009-16.html
Secunia: Microsoft Excel Two Vulnerabilities
http://secunia.com/advisories/33954/
Security Focus
http://www.securityfocus.com/bid/34413
http://www.securityfocus.com/bid/33870
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0238
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSeWuRfOB+SpikaiRAQIHDwP+LXci7L4d2adRBlNpwHJ9QJMphBAaNLHu
g7R5OtCgKHmamyBnWA74Wd9PM4TddseytSCRJfXkML+h4yCvc1n2bwQyT1LNTgqv
Iubyf5EbSt1/0JntZ26aJHcTMDy5adn2avRoDMZBh1rA+BrMNNfFeQuEIDCVhqaf
l0Aty6oYOnc=
=W5cd
-----END PGP SIGNATURE-----
Hash: SHA1
**********************************************************************
Alert ID : GCSA-09025
Data : 15 Aprile 2009
Titolo : Vulnerabilita' in Microsoft Office Excel (MS09-009)
**********************************************************************
:: Descrizione del problema:
Questo aggiornamento risolve due vulnerabilita' presenti in
Microsoft Excel che potrebbero essere sfruttate da un attaccante
per mandare in crash l'applicazione attraverso un documento malevolo
appositamente predisposto.
:: Piattaforme e Software interessati:
Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Office 2000
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2004 for Mac
Microsoft Office 2007
Microsoft Office 2008 for Mac
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint
2007 File Formats
Microsoft Office Excel 2007
Microsoft Office Excel Viewer 2003
Microsoft Office Excel Viewer 2007
Microsoft Office XP
:: Impatto:
Esecuzione remota di codice arbitrario
Accesso al sistema
Denial of service
:: Soluzione:
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti:
Microsoft Security Bulletin MS09-009 - Critical
http://www.microsoft.com/technet/security/Bulletin/MS09-009.mspx
Microsoft Security Advisory 968272
http://www.microsoft.com/technet/security/advisory/968272.mspx
FortiGuard Advisory (FGA-2009-16)
http://www.fortiguardcenter.com/advisory/FGA-2009-16.html
Secunia: Microsoft Excel Two Vulnerabilities
http://secunia.com/advisories/33954/
Security Focus
http://www.securityfocus.com/bid/34413
http://www.securityfocus.com/bid/33870
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0238
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSeWuRfOB+SpikaiRAQIHDwP+LXci7L4d2adRBlNpwHJ9QJMphBAaNLHu
g7R5OtCgKHmamyBnWA74Wd9PM4TddseytSCRJfXkML+h4yCvc1n2bwQyT1LNTgqv
Iubyf5EbSt1/0JntZ26aJHcTMDy5adn2avRoDMZBh1rA+BrMNNfFeQuEIDCVhqaf
l0Aty6oYOnc=
=W5cd
-----END PGP SIGNATURE-----