Alert GCSA-08118 - MS08-071 Vulnerabilita' in Microsoft GDI (956802)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
************************************************************************
Alert ID : GCSA-08118
Data : 11 Dicembre 2008
Titolo : MS08-071 Vulnerabilita' in Microsoft GDI (956802)
************************************************************************
:: Descrizione del problema
Questo aggiornamento di sicurezza risolve due vulnerabilita'
riguardanti GDI. Le vulnerabilita' consentono l'esecuzione da
remoto di codice arbitrario se un utente apre file di immagine
WMF appositamente predisposti. Un attaccante che sfrutta tali
vulnerabilita' puo' ottenere il controllo completo del sistema.
:: Software e Sistemi affetti
Microsoft Windows 2000 SP4
Microsoft Windows XP SP2
Microsoft Windows XP SP3
Microsoft Windows XP Professional x64
Microsoft Windows XP Professional x64 SP2
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 x64
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows Server 2003 Itanium-based SP1
Microsoft Windows Server 2003 Itanium-based SP2
Microsoft Windows Vista
Microsoft Windows Vista SP1
Microsoft Windows Vista x64
Microsoft Windows Vista x64 SP1
Microsoft Windows Server 2008 32-bit
Microsoft Windows Server 2008 64-bit
Microsoft Windows Server 2008 Itanium-based
:: Impatto
Esecuzione remota di codice arbitrario
Controllo completo del sistema
:: Soluzioni
Applicare la patch segnalata nel bollettino Microsoft MS08-071
http://www.microsoft.com/technet/security/Bulletin/ms08-071.mspx
:: Riferimenti
Microsoft Security Bulletin MS08-071
http://www.microsoft.com/technet/security/Bulletin/ms08-071.mspx
VUPEN (ex FrSirt):
http://www.vupen.com/english/advisories/2008/3383
Secunia:
http://secunia.com/advisories/33020/
SecurityFocus:
http://www.securityfocus.com/bid/32634
http://www.securityfocus.com/bid/32637
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3465
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSUD12fOB+SpikaiRAQIM+AP/disJSblEoeStg/g4kSJZzyYYphexboyI
zS0+GSxjPIwKUqtc6NAYdR+mC8zFdKXvLVDXYOMdCwh7NcOb8NAuN36M4p1dpREZ
asRy9DaEK2iIV9G1wV6usqB/sYj1oVT9W6D57LL5TLUcfbRrrYH4uCCv/jnrz75Q
OVItYPwanfI=
=eBhb
-----END PGP SIGNATURE-----
Hash: SHA1
************************************************************************
Alert ID : GCSA-08118
Data : 11 Dicembre 2008
Titolo : MS08-071 Vulnerabilita' in Microsoft GDI (956802)
************************************************************************
:: Descrizione del problema
Questo aggiornamento di sicurezza risolve due vulnerabilita'
riguardanti GDI. Le vulnerabilita' consentono l'esecuzione da
remoto di codice arbitrario se un utente apre file di immagine
WMF appositamente predisposti. Un attaccante che sfrutta tali
vulnerabilita' puo' ottenere il controllo completo del sistema.
:: Software e Sistemi affetti
Microsoft Windows 2000 SP4
Microsoft Windows XP SP2
Microsoft Windows XP SP3
Microsoft Windows XP Professional x64
Microsoft Windows XP Professional x64 SP2
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 x64
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows Server 2003 Itanium-based SP1
Microsoft Windows Server 2003 Itanium-based SP2
Microsoft Windows Vista
Microsoft Windows Vista SP1
Microsoft Windows Vista x64
Microsoft Windows Vista x64 SP1
Microsoft Windows Server 2008 32-bit
Microsoft Windows Server 2008 64-bit
Microsoft Windows Server 2008 Itanium-based
:: Impatto
Esecuzione remota di codice arbitrario
Controllo completo del sistema
:: Soluzioni
Applicare la patch segnalata nel bollettino Microsoft MS08-071
http://www.microsoft.com/technet/security/Bulletin/ms08-071.mspx
:: Riferimenti
Microsoft Security Bulletin MS08-071
http://www.microsoft.com/technet/security/Bulletin/ms08-071.mspx
VUPEN (ex FrSirt):
http://www.vupen.com/english/advisories/2008/3383
Secunia:
http://secunia.com/advisories/33020/
SecurityFocus:
http://www.securityfocus.com/bid/32634
http://www.securityfocus.com/bid/32637
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3465
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSUD12fOB+SpikaiRAQIM+AP/disJSblEoeStg/g4kSJZzyYYphexboyI
zS0+GSxjPIwKUqtc6NAYdR+mC8zFdKXvLVDXYOMdCwh7NcOb8NAuN36M4p1dpREZ
asRy9DaEK2iIV9G1wV6usqB/sYj1oVT9W6D57LL5TLUcfbRrrYH4uCCv/jnrz75Q
OVItYPwanfI=
=eBhb
-----END PGP SIGNATURE-----