Alert GCSA-10069 - Vulnerabilita' in Microsoft Share Point (MS10-039)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10069
Data : 10 Giugno 2010
Titolo : Vulnerabilita' in Microsoft Share Point (MS10-039)
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato un aggiornamento di sicurezza che risolve
una vulnerabilita' in Microsoft Share Point, che puo' consentire
l'escalation di privilegi se un utente di un sito Share Point
designato come vittima apre pagine web appositamente predisposte.
:: Software interessato
Microsoft Office InfoPath 2003 Service Pack 3
Microsoft Office InfoPath 2007 Service Pack 1
Microsoft Office InfoPath 2007 Service Pack 2
Microsoft Office SharePoint Server 2007 Service Pack 1 (32-bit)
Microsoft Office SharePoint Server 2007 Service Pack 2 (32-bit)
Microsoft Office SharePoint Server 2007 Service Pack 1 (64-bit)
Microsoft Office SharePoint Server 2007 Service Pack 2 (64-bit)
Microsoft Windows SharePoint Services 3.0 Service Pack 1 (32-bit)
Microsoft Windows SharePoint Services 3.0 Service Pack 2 (32-bit)
Microsoft Windows SharePoint Services 3.0 Service Pack 1 (64-bit)
Microsoft Windows SharePoint Services 3.0 Service Pack 2 (64-bit)
:: Impatto
Escalation di privilegi
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/ms10-039.mspx
VUPEN
http://www.vupen.com/english/advisories/2010/1396
Secunia
http://secunia.com/advisories/39603/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1264
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTBDpf/OB+SpikaiRAQJeuwQAjkCKhOkmpak3hQoyqMccZfp6YSHyXWv3
3VnQEfk8mtSYTX5F6KtVBb40sY4IXuxJCfgnOmAM4Pat3cjt7a+17effkH4nfqvI
K25w3PXTTF+32RP5Uvy9LtsqMbrkcjYRsUWwk8jz3e7QMO6iB17JzltOz8gIoT94
BRGggNdvH5E=
=+/wg
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10069
Data : 10 Giugno 2010
Titolo : Vulnerabilita' in Microsoft Share Point (MS10-039)
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato un aggiornamento di sicurezza che risolve
una vulnerabilita' in Microsoft Share Point, che puo' consentire
l'escalation di privilegi se un utente di un sito Share Point
designato come vittima apre pagine web appositamente predisposte.
:: Software interessato
Microsoft Office InfoPath 2003 Service Pack 3
Microsoft Office InfoPath 2007 Service Pack 1
Microsoft Office InfoPath 2007 Service Pack 2
Microsoft Office SharePoint Server 2007 Service Pack 1 (32-bit)
Microsoft Office SharePoint Server 2007 Service Pack 2 (32-bit)
Microsoft Office SharePoint Server 2007 Service Pack 1 (64-bit)
Microsoft Office SharePoint Server 2007 Service Pack 2 (64-bit)
Microsoft Windows SharePoint Services 3.0 Service Pack 1 (32-bit)
Microsoft Windows SharePoint Services 3.0 Service Pack 2 (32-bit)
Microsoft Windows SharePoint Services 3.0 Service Pack 1 (64-bit)
Microsoft Windows SharePoint Services 3.0 Service Pack 2 (64-bit)
:: Impatto
Escalation di privilegi
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/ms10-039.mspx
VUPEN
http://www.vupen.com/english/advisories/2010/1396
Secunia
http://secunia.com/advisories/39603/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1264
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTBDpf/OB+SpikaiRAQJeuwQAjkCKhOkmpak3hQoyqMccZfp6YSHyXWv3
3VnQEfk8mtSYTX5F6KtVBb40sY4IXuxJCfgnOmAM4Pat3cjt7a+17effkH4nfqvI
K25w3PXTTF+32RP5Uvy9LtsqMbrkcjYRsUWwk8jz3e7QMO6iB17JzltOz8gIoT94
BRGggNdvH5E=
=+/wg
-----END PGP SIGNATURE-----