Alert GCSA-07031 - Multiple Vulnerabilities in Microsoft Windows
******************************************************************
Alert ID : GCSA-07031
Date : 4 April 2007
Title : Multiple Vulnerabilities in Microsoft Windows (MS07-017)
******************************************************************
: Problem description
Seven vulnerabilities have been found in Microsoft Windows
that could be exploited by a remote attacker to gain
complete control of an affected system:
- GDI Local Elevation of Privilege Vulnerability (CVE-2006-5758)
- WMF Denial of Service Vulnerability (CVE-2007-1211)
- EMF Elevation of Privilege Vulnerability (CVE-2007-1212)
- GDI Invalid Window Size Elevation of Privilege Vulnerability (CVE-2006-5586)
- Windows Animated Cursor Remote Code Execution Vulnerability (CVE-2007-0038)
- GDI Incorrect Parameter Local Elevation of Privilege Vulnerability (CVE-2007-1215)
- Font Rasterizer Local Elevation of Privilege Vulnerability (CVE-2007-1213)
The attacker could also install programs; view, change or
delete data; or create new accounts with full user rights.
Detailed technical information on each vulnerability is available
in the "Vulnerability Details" section of the Microsoft bulletin:
http://www.microsoft.com/technet/security/bulletin/MS07-017.mspx
: Affected platforms and software
Microsoft Windows 2000 SP4
Microsoft Windows XP SP2
Microsoft Windows XP Pro x64 Edition
Microsoft Windows XP Pro x64 Edition SP2
Microsoft Windows Server 2003
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 (Itanium)
Microsoft Windows Server 2003 SP1 (Itanium)
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Server 2003 x64 Edition SP2
Microsoft Windows Vista
Microsoft Windows Vista x64 Edition
: Impact
Remote execution of arbitrary commands,
Possible complete compromise of the system
: Solutions
Apply the updates released by Microsoft:
http://www.microsoft.com/technet/security/bulletin/MS07-017.mspx
::WARNING::
After installing this update on a Windows XP Service
Pack 2 system, the Realtek HD audio control panel (Rthdcpl.exe) may
fail to start.
In addition, an error message similar to the following will be displayed:
Rthdcpl.exe - Illegal System DLL Relocation
The system DLL user32.dll was relocated in memory. The application will not
run properly. The relocation occurred because the DLL C:\Windows\System32\Hhctrl.ocx
occupied an address range reserved for Windows system DLLs. The vendor
supplying the DLL should be contacted for a new DLL.
A patch that resolves this problem is available from the Microsoft download area:
http://www.microsoft.com/downloads/details.aspx?familyid=74AD4188-3131-429C-8FCB-F7B3B0FD3D86&displaylang=en
Further information:
http://support.microsoft.com/kb/925902/en
http://support.microsoft.com/kb/935448/en
: References
Microsoft:
http://www.microsoft.com/technet/security/bulletin/MS07-017.mspx
FrSIRT:
http://www.frsirt.com/english/advisories/2007/1215
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1213