Alert GCSA-08115 - MS08-069 Vulnerabilita' in Microsoft XML Core
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
************************************************************************
Alert ID : GCSA-08115
Data : 13 Novembre 2008
Titolo : MS08-069 Vulnerabilita' in Microsoft XML Core Services
************************************************************************
:: Descrizione del problema
Questo aggiornamento di sicurezza risolve diverse vulnerabilita'
relative a Microsoft XML Core Services.
La vulnerabilita' piu' severa consente l'esecuzione da remoto di
codice arbitrario se un utente visualizza pagine appositamente
predisposte usando Internet Explorer.
:: Software e Sistemi affetti
Microsoft Windows 2000 SP4
Microsoft Windows XP SP2
Microsoft Windows XP SP3
Microsoft Windows XP Professional x64
Microsoft Windows XP Professional x64 SP2
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 x64
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows Server 2003 Itanium-based SP1
Microsoft Windows Server 2003 Itanium-based SP2
Microsoft Windows Vista
Microsoft Windows Vista SP1
Microsoft Windows Vista x64
Microsoft Windows Vista x64 SP1
Microsoft Windows Server 2008 32-bit
Microsoft Windows Server 2008 64-bit
Microsoft Windows Server 2008 Itanium-based
Microsoft Office 2003 SP3
Microsoft Word Viewer 2003 SP3
2007 Microsoft Office System
2007 Microsoft Office System SP1
Microsoft Expression Web
Microsoft Expression Web 2
Microsoft Office SharePoint Server 2007 32-bit
Microsoft Office SharePoint Server 2007 32-bit SP1
Microsoft Office SharePoint Server 2007 64-bit
Microsoft Office SharePoint Server 2007 64-bit SP1
Microsoft Office Groove Server 2007
:: Impatto
Esecuzione remota di codice arbitrario
Esposizione di informazioni sensibili
Esposizione di informazioni di sistema
:: Soluzioni
Applicare la patch segnalata nel bollettino Microsoft MS08-069
http://www.microsoft.com/technet/security/Bulletin/ms08-069.mspx
:: Riferimenti
Microsoft Security Bulletin MS08-069
http://www.microsoft.com/technet/security/Bulletin/ms08-069.mspx
FrSirt:
http://www.frsirt.com/english/advisories/2008/3111
SecurityFocus:
http://www.securityfocus.com/bid/21872
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4033
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSRwClvOB+SpikaiRAQJxjQP9EzutB1apjXsMy3oZAc0AfxSFYR7Px/Cw
MJFf5f51HWP8fqMbgLCngLe1PMLnyaZB2quU39o2s/nDr+RC+zh2Of32YOlbB585
1LM0r1n2ht3vScRtbzdeWhl/oCfJgUo43jDthiu1v2fDdczR6HeU3cPXw33055kS
gqL+4GP0lsI=
=1ZYY
-----END PGP SIGNATURE-----
Hash: SHA1
************************************************************************
Alert ID : GCSA-08115
Data : 13 Novembre 2008
Titolo : MS08-069 Vulnerabilita' in Microsoft XML Core Services
************************************************************************
:: Descrizione del problema
Questo aggiornamento di sicurezza risolve diverse vulnerabilita'
relative a Microsoft XML Core Services.
La vulnerabilita' piu' severa consente l'esecuzione da remoto di
codice arbitrario se un utente visualizza pagine appositamente
predisposte usando Internet Explorer.
:: Software e Sistemi affetti
Microsoft Windows 2000 SP4
Microsoft Windows XP SP2
Microsoft Windows XP SP3
Microsoft Windows XP Professional x64
Microsoft Windows XP Professional x64 SP2
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 x64
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows Server 2003 Itanium-based SP1
Microsoft Windows Server 2003 Itanium-based SP2
Microsoft Windows Vista
Microsoft Windows Vista SP1
Microsoft Windows Vista x64
Microsoft Windows Vista x64 SP1
Microsoft Windows Server 2008 32-bit
Microsoft Windows Server 2008 64-bit
Microsoft Windows Server 2008 Itanium-based
Microsoft Office 2003 SP3
Microsoft Word Viewer 2003 SP3
2007 Microsoft Office System
2007 Microsoft Office System SP1
Microsoft Expression Web
Microsoft Expression Web 2
Microsoft Office SharePoint Server 2007 32-bit
Microsoft Office SharePoint Server 2007 32-bit SP1
Microsoft Office SharePoint Server 2007 64-bit
Microsoft Office SharePoint Server 2007 64-bit SP1
Microsoft Office Groove Server 2007
:: Impatto
Esecuzione remota di codice arbitrario
Esposizione di informazioni sensibili
Esposizione di informazioni di sistema
:: Soluzioni
Applicare la patch segnalata nel bollettino Microsoft MS08-069
http://www.microsoft.com/technet/security/Bulletin/ms08-069.mspx
:: Riferimenti
Microsoft Security Bulletin MS08-069
http://www.microsoft.com/technet/security/Bulletin/ms08-069.mspx
FrSirt:
http://www.frsirt.com/english/advisories/2008/3111
SecurityFocus:
http://www.securityfocus.com/bid/21872
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4033
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSRwClvOB+SpikaiRAQJxjQP9EzutB1apjXsMy3oZAc0AfxSFYR7Px/Cw
MJFf5f51HWP8fqMbgLCngLe1PMLnyaZB2quU39o2s/nDr+RC+zh2Of32YOlbB585
1LM0r1n2ht3vScRtbzdeWhl/oCfJgUo43jDthiu1v2fDdczR6HeU3cPXw33055kS
gqL+4GP0lsI=
=1ZYY
-----END PGP SIGNATURE-----