Alert GCSA-10023 - Vulnerabilita' multiple in OpenOffice.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10023
Data : 15 febbraio 2010
Titolo : Vulnerabilita' multiple in OpenOffice.org
******************************************************************
:: Descrizione del problema
Sono state individuate varie vulnerabilita' in OpenOffice.org dovute
ad errori durante l'elaborazione di particolari tipi di file. Un
attaccante remoto puo' sfruttare queste vulnerabilita' convincendo
l'utente di un sistema vulnerabile ad aprire file appositamente
predisposti.
:: Software interessato
OpenOffice.org versioni precedenti alla 3.2
:: Impatto
Esecuzione di codice arbitrario
Compromissione del sistema
Security Bypass
Denial of Service
:: Soluzioni
Aggiornare alla versione OpenOffice.org 3.2
http://download.openoffice.org/index.html
:: Riferimenti
OpenOffice.org
http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html
http://www.openoffice.org/security/cves/CVE-2009-2950.html
http://www.openoffice.org/security/cves/CVE-2009-2949.html
http://www.openoffice.org/security/cves/CVE-2009-2493.html
http://www.openoffice.org/security/cves/CVE-2009-0217.html
http://www.openoffice.org/security/cves/CVE-2006-4339.html
VUPEN - OpenOffice.org Data Processing Multiple Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/0366
Secunia - OpenOffice.org Multiple Vulnerabilities
http://secunia.com/advisories/38567/
http://secunia.com/advisories/38568/
Securityfocus
http://www.securityfocus.com/bid/38218
http://www.securityfocus.com/bid/19849
http://www.securityfocus.com/bid/35671
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3302
-----BEGIN PGP SIGNATURE-----
iQCVAwUBS3kvGvOB+SpikaiRAQLgggQAm2s/ETUYPhl/Q2HOvPWzVHy7UnNGf/Dd
iAeneP5elQZmxz/zmkmVPSE1RvmEDz0woBxVgQq9zU3c5fQbD2KaZbTZqOuNyC0x
Qdy1zTMTBuEr7YCh2T2v6j8hJ5/SEiPfBD4UnXjpg36V/WTtWzEyGpmBohCq7kP7
cdE518O5lKs=
=PoiU
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10023
Data : 15 febbraio 2010
Titolo : Vulnerabilita' multiple in OpenOffice.org
******************************************************************
:: Descrizione del problema
Sono state individuate varie vulnerabilita' in OpenOffice.org dovute
ad errori durante l'elaborazione di particolari tipi di file. Un
attaccante remoto puo' sfruttare queste vulnerabilita' convincendo
l'utente di un sistema vulnerabile ad aprire file appositamente
predisposti.
:: Software interessato
OpenOffice.org versioni precedenti alla 3.2
:: Impatto
Esecuzione di codice arbitrario
Compromissione del sistema
Security Bypass
Denial of Service
:: Soluzioni
Aggiornare alla versione OpenOffice.org 3.2
http://download.openoffice.org/index.html
:: Riferimenti
OpenOffice.org
http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html
http://www.openoffice.org/security/cves/CVE-2009-2950.html
http://www.openoffice.org/security/cves/CVE-2009-2949.html
http://www.openoffice.org/security/cves/CVE-2009-2493.html
http://www.openoffice.org/security/cves/CVE-2009-0217.html
http://www.openoffice.org/security/cves/CVE-2006-4339.html
VUPEN - OpenOffice.org Data Processing Multiple Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/0366
Secunia - OpenOffice.org Multiple Vulnerabilities
http://secunia.com/advisories/38567/
http://secunia.com/advisories/38568/
Securityfocus
http://www.securityfocus.com/bid/38218
http://www.securityfocus.com/bid/19849
http://www.securityfocus.com/bid/35671
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3302
-----BEGIN PGP SIGNATURE-----
iQCVAwUBS3kvGvOB+SpikaiRAQLgggQAm2s/ETUYPhl/Q2HOvPWzVHy7UnNGf/Dd
iAeneP5elQZmxz/zmkmVPSE1RvmEDz0woBxVgQq9zU3c5fQbD2KaZbTZqOuNyC0x
Qdy1zTMTBuEr7YCh2T2v6j8hJ5/SEiPfBD4UnXjpg36V/WTtWzEyGpmBohCq7kP7
cdE518O5lKs=
=PoiU
-----END PGP SIGNATURE-----