Alert GCSA-09043 - Vulnerabilita' in Microsoft Office Excel (MS09-021)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-09043
Data : 10 giugno 2009
Titolo : Vulnerabilita' in Microsoft Office Excel (MS09-021)
******************************************************************
:: Descrizione del problema
Il bolletino di sicurezza Microsoft MS09-021, considerato critico,
risolve varie vulnerabilita' presenti in Microsoft Excel che
potrebbero essere sfruttate da un attaccante remoto per
compromettere un sistema vulnerabile.
:: Software interessato
Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Office 2000
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2004 for Mac
Microsoft Office 2007
Microsoft Office 2008 for Mac
Microsoft Office Compatibility Pack for Word, Excel, PowerPoint 2007 File
Formats
Microsoft Office Excel 2007
Microsoft Office Excel Viewer 2003
Microsoft Office Excel Viewer 2007
Microsoft Office SharePoint Server 2007
Microsoft Office XP
Microsoft Open XML File Format Converter for Mac
:: Impatto
Esecuzione remota di codice arbitrario
Accesso al sistema
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti
Microsoft Security Bulletin MS09-021 - Critical
http://www.microsoft.com/technet/security/bulletin/ms09-021.mspx
US-CERT - Technical Cyber Security Alert TA09-160A
http://www.us-cert.gov/cas/techalerts/TA09-160A.html
Secunia - Microsoft Excel Multiple Vulnerabilities
http://secunia.com/advisories/35364/
Securityfocus
http://www.securityfocus.com/bid/35215
http://www.securityfocus.com/bid/35241
http://www.securityfocus.com/bid/35242
http://www.securityfocus.com/bid/35243
http://www.securityfocus.com/bid/35244
http://www.securityfocus.com/bid/35245
http://www.securityfocus.com/bid/35246
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0561
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1134
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSi/eofOB+SpikaiRAQL5CwP+I726fMs5yf3dVuJlKlwgTtBK90ldC0qm
sWbZIy7Da4Vd0mV0vNGC2FKSPv2ifhsYgzXKgx5p6Us8yhZvyrhxvSPQllgC9vMT
7WRU6H5vw/CNidoFfDkHQl0I3x1gRqJ33pcJLyDH4QtDh/O/B2N1Bj98lSYHfXX9
UNGHnbyw/cw=
=yqkN
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-09043
Data : 10 giugno 2009
Titolo : Vulnerabilita' in Microsoft Office Excel (MS09-021)
******************************************************************
:: Descrizione del problema
Il bolletino di sicurezza Microsoft MS09-021, considerato critico,
risolve varie vulnerabilita' presenti in Microsoft Excel che
potrebbero essere sfruttate da un attaccante remoto per
compromettere un sistema vulnerabile.
:: Software interessato
Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Office 2000
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2004 for Mac
Microsoft Office 2007
Microsoft Office 2008 for Mac
Microsoft Office Compatibility Pack for Word, Excel, PowerPoint 2007 File
Formats
Microsoft Office Excel 2007
Microsoft Office Excel Viewer 2003
Microsoft Office Excel Viewer 2007
Microsoft Office SharePoint Server 2007
Microsoft Office XP
Microsoft Open XML File Format Converter for Mac
:: Impatto
Esecuzione remota di codice arbitrario
Accesso al sistema
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti
Microsoft Security Bulletin MS09-021 - Critical
http://www.microsoft.com/technet/security/bulletin/ms09-021.mspx
US-CERT - Technical Cyber Security Alert TA09-160A
http://www.us-cert.gov/cas/techalerts/TA09-160A.html
Secunia - Microsoft Excel Multiple Vulnerabilities
http://secunia.com/advisories/35364/
Securityfocus
http://www.securityfocus.com/bid/35215
http://www.securityfocus.com/bid/35241
http://www.securityfocus.com/bid/35242
http://www.securityfocus.com/bid/35243
http://www.securityfocus.com/bid/35244
http://www.securityfocus.com/bid/35245
http://www.securityfocus.com/bid/35246
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0561
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1134
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSi/eofOB+SpikaiRAQL5CwP+I726fMs5yf3dVuJlKlwgTtBK90ldC0qm
sWbZIy7Da4Vd0mV0vNGC2FKSPv2ifhsYgzXKgx5p6Us8yhZvyrhxvSPQllgC9vMT
7WRU6H5vw/CNidoFfDkHQl0I3x1gRqJ33pcJLyDH4QtDh/O/B2N1Bj98lSYHfXX9
UNGHnbyw/cw=
=yqkN
-----END PGP SIGNATURE-----