Alert GCSA-08018 - MS08-011 Vulnerabilita' nel Microsoft Works File
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-08018
Data : 13 febbraio 2008
Titolo : MS08-011 Vulnerabilita' nel Microsoft Works File Converter (947081)
******************************************************************
:: Descrizione del problema
Questo aggiornamento risolve tre vulnerabilita' relative al
Microsoft Works File Converter. Queste vulnerabilita' possono
consentire l'esecuzione di codice da remoto se un utente
apre un file Works (.wps) malevolo, creato allo scopo.
:: Software interessato
Microsoft Works 6 File Converter
Office 2003 SP2
Office 2003 SP3
Works 8.0
Works Suite 2005
:: Impatto
Esecuzione remota di codice arbitrario
Denial of service
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/MS08-011.mspx
Microsoft Knowledge Base
http://support.microsoft.com/kb/947081
Microsoft Update
https://update.microsoft.com/microsoftupdate/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0108
Secunia advisories
http://secunia.com/advisories/28904/
FrSIRT
http://www.frsirt.com/english/advisories/2008/0513
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/27659
ISC SANS Diary
http://isc.sans.org/diary.html?storyid=3973
CIAC
http://www.ciac.org/ciac/bulletins/s-177.shtml
iDecence Labs
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=659
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=660
-----BEGIN PGP SIGNATURE-----
iQCVAwUBR7QAU/OB+SpikaiRAQKnsAP/RFE6IlCyT6j07E+X7nYJH3Uu2t8Ilod1
nzu60gVKsnjtdbxUFzAPGEb79JDeOfOqGJGokh84WGbjqGplK9ExWJuOMW8HKsJW
o6+IumbdtxYThAu9/LrGV2AhSqOjmIRVfWeY82GBkF1veuSWAM9PFMXDnINgTZ1w
mWpwmjzIQXQ=
=JnKF
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-08018
Data : 13 febbraio 2008
Titolo : MS08-011 Vulnerabilita' nel Microsoft Works File Converter (947081)
******************************************************************
:: Descrizione del problema
Questo aggiornamento risolve tre vulnerabilita' relative al
Microsoft Works File Converter. Queste vulnerabilita' possono
consentire l'esecuzione di codice da remoto se un utente
apre un file Works (.wps) malevolo, creato allo scopo.
:: Software interessato
Microsoft Works 6 File Converter
Office 2003 SP2
Office 2003 SP3
Works 8.0
Works Suite 2005
:: Impatto
Esecuzione remota di codice arbitrario
Denial of service
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/MS08-011.mspx
Microsoft Knowledge Base
http://support.microsoft.com/kb/947081
Microsoft Update
https://update.microsoft.com/microsoftupdate/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0108
Secunia advisories
http://secunia.com/advisories/28904/
FrSIRT
http://www.frsirt.com/english/advisories/2008/0513
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/27659
ISC SANS Diary
http://isc.sans.org/diary.html?storyid=3973
CIAC
http://www.ciac.org/ciac/bulletins/s-177.shtml
iDecence Labs
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=659
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=660
-----BEGIN PGP SIGNATURE-----
iQCVAwUBR7QAU/OB+SpikaiRAQKnsAP/RFE6IlCyT6j07E+X7nYJH3Uu2t8Ilod1
nzu60gVKsnjtdbxUFzAPGEb79JDeOfOqGJGokh84WGbjqGplK9ExWJuOMW8HKsJW
o6+IumbdtxYThAu9/LrGV2AhSqOjmIRVfWeY82GBkF1veuSWAM9PFMXDnINgTZ1w
mWpwmjzIQXQ=
=JnKF
-----END PGP SIGNATURE-----