Alert GCSA-10149 - Vulnerabilita' in Microsoft Office Word (MS10-079)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10149
Data : 14 Ottobre 2010
Titolo : Vulnerabilita' in Microsoft Office Word (MS10-079)
******************************************************************
:: Descrizione del problema
Sono state riscontrate multiple vulnerabilita' in Microsoft
Office Word che potrebbero essere sfruttate da un attaccante remoto per
eseguire codice arbitrario inducendo l'utente ad aprire documenti Microsoft
Word malevoli appositamente predisposti.
:: Software interessato
Microsoft Word 2002 Service Pack 3
Microsoft Word 2003 Service Pack 3
Microsoft Word 2007 Service Pack 2
Microsoft Word 2010 (32-bit)
Microsoft Word 2010 (64-bit)
Microsoft Word Web App
Microsoft Office Suites and Components
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
Microsoft Office 2007 Service Pack 2
Microsoft Office 2010 (32-bit)
Microsoft Office 2010 (64-bit)
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Open XML File Format Converter for Mac
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint
2007 File Formats Service Pack 2
Microsoft Word Viewer
Microsoft Office Web Apps
:: Impatto
Esecuzione da remoto di codice arbitrario
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/ms10-079.mspx
VUPEN
http://www.vupen.com/english/advisories/2010/2626
Secunia
http://secunia.com/advisories/41785/
http://secunia.com/advisories/41788/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3217
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3221
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTLcKFvOB+SpikaiRAQLf+AP/eMJo4Lmtwh2xs9wY3qYlEo172+grIZza
yKfb5CEsLFWu2KcQMbUBNZESnGhl/WXVgLdhjZFzr52FntQ5f/MAwEZLyK4n2E7A
iQZEiEvoSlSDStnD/ARMWEshf/Hxm7ji9b1IuTyEbENpX9CSBF2L9QwqyCR0hlDN
BFT6noTtbVk=
=CxgY
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10149
Data : 14 Ottobre 2010
Titolo : Vulnerabilita' in Microsoft Office Word (MS10-079)
******************************************************************
:: Descrizione del problema
Sono state riscontrate multiple vulnerabilita' in Microsoft
Office Word che potrebbero essere sfruttate da un attaccante remoto per
eseguire codice arbitrario inducendo l'utente ad aprire documenti Microsoft
Word malevoli appositamente predisposti.
:: Software interessato
Microsoft Word 2002 Service Pack 3
Microsoft Word 2003 Service Pack 3
Microsoft Word 2007 Service Pack 2
Microsoft Word 2010 (32-bit)
Microsoft Word 2010 (64-bit)
Microsoft Word Web App
Microsoft Office Suites and Components
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
Microsoft Office 2007 Service Pack 2
Microsoft Office 2010 (32-bit)
Microsoft Office 2010 (64-bit)
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Open XML File Format Converter for Mac
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint
2007 File Formats Service Pack 2
Microsoft Word Viewer
Microsoft Office Web Apps
:: Impatto
Esecuzione da remoto di codice arbitrario
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/ms10-079.mspx
VUPEN
http://www.vupen.com/english/advisories/2010/2626
Secunia
http://secunia.com/advisories/41785/
http://secunia.com/advisories/41788/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3217
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3221
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTLcKFvOB+SpikaiRAQLf+AP/eMJo4Lmtwh2xs9wY3qYlEo172+grIZza
yKfb5CEsLFWu2KcQMbUBNZESnGhl/WXVgLdhjZFzr52FntQ5f/MAwEZLyK4n2E7A
iQZEiEvoSlSDStnD/ARMWEshf/Hxm7ji9b1IuTyEbENpX9CSBF2L9QwqyCR0hlDN
BFT6noTtbVk=
=CxgY
-----END PGP SIGNATURE-----