Alert GCSA-11016 - APSB11-01 Vulnerabilita' in Adobe Shockwave Player
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-11016
Data : 11 febbraio 2011
Titolo : APSB11-01 Vulnerabilita' in Adobe Shockwave Player
******************************************************************
:: Descrizione del problema
Adobe ha rilasciato un aggiornamento di sicurezza
che risolve varie vulnerabilita' presenti in
Adobe Shockwave Player.
Queste vulnerabilita' potrebbero consentire ad un aggressore
l'esecuzione remota di codice arbitrario, nel caso riesca
ad indurre l'utente a visitare pagine con contenuti
si tipo Shockwave artefatti.
:: Software interessato
Adobe Shockwave Player 11.5.9.615 e precedenti per Windows e Macintosh
Per verificare la versione di Shockwave Player installata
accedere alla seguente pagina
http://www.adobe.com/shockwave/welcome/
Se utilizzate piu' browser effettuare il controllo
da ognuno di essi.
:: Impatto
Esecuzione remota di codice arbitrario
Conquista del controllo sul sistema
:: Soluzioni
Aggiornare ad Adobe Shockwave Player 11.5.9.620
http://get.adobe.com/it/shockwave/
oppure utilizzare la funzione auto-update presente nel prodotto
quando viene proposta.
:: Riferimenti
Abobe Security Bulletin
http://www.adobe.com/support/security/bulletins/apsb11-01.html
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4306
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0569
Vupen Security
http://www.vupen.com/english/advisories/2011/0335
iDefense Labs
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=892
TippingPoint Digital Vaccine Laboratories
http://dvlabs.tippingpoint.com/advisory/TPTI-11-03
http://dvlabs.tippingpoint.com/advisory/TPTI-11-04
http://dvlabs.tippingpoint.com/advisory/TPTI-11-05
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTVUGtPOB+SpikaiRAQJlqwQAyKFyQcaoJ6Krw01NTTB3mL1rErM6t3DH
qRAV65G9SGuKJTdp5Grgtqhv3i3B8THXQmJ4d3I+TA6WXrU/yE4jAAuuiUEBD9XT
Gl4UBGd8DVvjbsqS+CrjkePZUPp3tvhhE/5HrekqadfB2eqY+bfnxmV88L0otbks
KN/Z3aHZtfY=
=10JU
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-11016
Data : 11 febbraio 2011
Titolo : APSB11-01 Vulnerabilita' in Adobe Shockwave Player
******************************************************************
:: Descrizione del problema
Adobe ha rilasciato un aggiornamento di sicurezza
che risolve varie vulnerabilita' presenti in
Adobe Shockwave Player.
Queste vulnerabilita' potrebbero consentire ad un aggressore
l'esecuzione remota di codice arbitrario, nel caso riesca
ad indurre l'utente a visitare pagine con contenuti
si tipo Shockwave artefatti.
:: Software interessato
Adobe Shockwave Player 11.5.9.615 e precedenti per Windows e Macintosh
Per verificare la versione di Shockwave Player installata
accedere alla seguente pagina
http://www.adobe.com/shockwave/welcome/
Se utilizzate piu' browser effettuare il controllo
da ognuno di essi.
:: Impatto
Esecuzione remota di codice arbitrario
Conquista del controllo sul sistema
:: Soluzioni
Aggiornare ad Adobe Shockwave Player 11.5.9.620
http://get.adobe.com/it/shockwave/
oppure utilizzare la funzione auto-update presente nel prodotto
quando viene proposta.
:: Riferimenti
Abobe Security Bulletin
http://www.adobe.com/support/security/bulletins/apsb11-01.html
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4306
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0569
Vupen Security
http://www.vupen.com/english/advisories/2011/0335
iDefense Labs
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=892
TippingPoint Digital Vaccine Laboratories
http://dvlabs.tippingpoint.com/advisory/TPTI-11-03
http://dvlabs.tippingpoint.com/advisory/TPTI-11-04
http://dvlabs.tippingpoint.com/advisory/TPTI-11-05
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTVUGtPOB+SpikaiRAQJlqwQAyKFyQcaoJ6Krw01NTTB3mL1rErM6t3DH
qRAV65G9SGuKJTdp5Grgtqhv3i3B8THXQmJ4d3I+TA6WXrU/yE4jAAuuiUEBD9XT
Gl4UBGd8DVvjbsqS+CrjkePZUPp3tvhhE/5HrekqadfB2eqY+bfnxmV88L0otbks
KN/Z3aHZtfY=
=10JU
-----END PGP SIGNATURE-----