Alert GCSA-09056 - Vulnerabilities in Microsoft Embedded OpenType
******************************************************************
Alert ID : GCSA-09056
Date : 15 July 2009
Title : Vulnerabilities in Microsoft Embedded OpenType (MS09-029)
******************************************************************
:: Problem description
Multiple vulnerabilities have been found in Microsoft Windows
that could be exploited to compromise a vulnerable system.
These vulnerabilities are caused by buffer overflow and
integer overflow errors in the Embedded OpenType (EOT) font
handling engine, and could allow remote execution of arbitrary code.
:: Affected software
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista, Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (x64) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
:: Impact
Remote execution of arbitrary code
Possible system compromise
:: Solutions
Apply the updates released by Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS09-029.mspx
:: References
Microsoft Security Bulletin MS09-029
http://www.microsoft.com/technet/security/Bulletin/MS09-029.mspx
US-CERT - Technical Cyber Security Alert TA09-160A
http://www.us-cert.gov/cas/techalerts/TA09-195A.html
Secunia
http://secunia.com/advisories/35773
VuPEN
http://www.vupen.com/english/advisories/2009/1887
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0232