Alert GCSA-07045 - Vulnerabilita' multiple in Microsoft Internet
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-07045
Data : 9 maggio 2007
Titolo : Vulnerabilita' multiple in Microsoft Internet Explorer
(MS07-027)
******************************************************************
: Descrizione del problema
Sono state identificate vulnerabilita' multiple in Microsoft Internet Explorer
che potrebbero essere sfruttate da un attaccante remoto creando una pagina Web
appositamente predisposta, per otterene il completo controllo di un sistema
che ne sia affetto:
- - COM Object Instantiation Memory Corruption Vulnerability (CVE-2007-0942)
- - Uninitialized Memory Corruption Vulnerability (CVE-2007-0944)
- - Property Memory Corruption Vulnerability (CVE-2007-0945)
- - HTML Objects Memory Corruption Vulnerabilities (CVE-2007-0946, CVE-2007-0947)
- - Arbitrary File Rewrite Vulnerability (CVE-2007-2221)
Per ogni singola vulnerabilita' sono disponibili informazioni tecniche
dettagliate nella sezione "Vulnerability Details" del bollettino Microsoft:
http://www.microsoft.com/technet/security/bulletin/MS07-027.mspx
: Piattaforme e software interessati
Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
: Impatto
Esecuzione di codice in modalita' remota.
Possibile ottenimento del completo controllo del sistema.
: Soluzioni
Applicare gli aggiornamenti rilasciati da Microsoft:
http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx
: Riferimenti
Microsoft:
http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx
FrSIRT:
http://www.frsirt.com/english/advisories/2007/1712
CVE Mitre:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0942
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0944
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0945
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0946
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0947
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2221
-----BEGIN PGP SIGNATURE-----
iQCVAwUBRkGebfOB+SpikaiRAQIORAP/dhLGyUaRARABJANPlZyESFXMehDaFuzH
VnPWlGILh06/ehNTnWM9+BV8gl4/frXgi3y9WKkEVjIOVtDdIG5w/M0fJHqHXGWi
81OAjte/O2wC5syVaFGJICx0Q6OWTJbZBhkfyWvXhihyu+mICBPe8q8sCY7zjm7f
FwpQmF5fs9o=
=hVXK
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-07045
Data : 9 maggio 2007
Titolo : Vulnerabilita' multiple in Microsoft Internet Explorer
(MS07-027)
******************************************************************
: Descrizione del problema
Sono state identificate vulnerabilita' multiple in Microsoft Internet Explorer
che potrebbero essere sfruttate da un attaccante remoto creando una pagina Web
appositamente predisposta, per otterene il completo controllo di un sistema
che ne sia affetto:
- - COM Object Instantiation Memory Corruption Vulnerability (CVE-2007-0942)
- - Uninitialized Memory Corruption Vulnerability (CVE-2007-0944)
- - Property Memory Corruption Vulnerability (CVE-2007-0945)
- - HTML Objects Memory Corruption Vulnerabilities (CVE-2007-0946, CVE-2007-0947)
- - Arbitrary File Rewrite Vulnerability (CVE-2007-2221)
Per ogni singola vulnerabilita' sono disponibili informazioni tecniche
dettagliate nella sezione "Vulnerability Details" del bollettino Microsoft:
http://www.microsoft.com/technet/security/bulletin/MS07-027.mspx
: Piattaforme e software interessati
Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
: Impatto
Esecuzione di codice in modalita' remota.
Possibile ottenimento del completo controllo del sistema.
: Soluzioni
Applicare gli aggiornamenti rilasciati da Microsoft:
http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx
: Riferimenti
Microsoft:
http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx
FrSIRT:
http://www.frsirt.com/english/advisories/2007/1712
CVE Mitre:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0942
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0944
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0945
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0946
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0947
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2221
-----BEGIN PGP SIGNATURE-----
iQCVAwUBRkGebfOB+SpikaiRAQIORAP/dhLGyUaRARABJANPlZyESFXMehDaFuzH
VnPWlGILh06/ehNTnWM9+BV8gl4/frXgi3y9WKkEVjIOVtDdIG5w/M0fJHqHXGWi
81OAjte/O2wC5syVaFGJICx0Q6OWTJbZBhkfyWvXhihyu+mICBPe8q8sCY7zjm7f
FwpQmF5fs9o=
=hVXK
-----END PGP SIGNATURE-----