Alert GCSA-08122 - MS08-072 Vulnerabilita' in Microsoft Office
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
************************************************************************
Alert ID : GCSA-08122
Data : 11 Dicembre 2008
Titolo : MS08-072 Vulnerabilita' in Microsoft Office (957173)
************************************************************************
:: Descrizione del problema
Questo aggiornamento di sicurezza risolve otto vulnerabilita'
in Microsoft Office Word e Microsoft Office Outlook. Le vulnerabilita'
consentono l'esecuzione da remoto di codice arbitrario se un utente
apre file Word o Rich Text File (RTF) appositamente predisposti. Un
attaccante che riesca a sfruttare queste vulnerabilita' puo' ottenere
il controllo completo del sistema.
:: Software e Sistemi affetti
Microsoft Office Suite:
Microsoft Office 2000 SP3
Microsoft Office XP SP3
Microsoft Office 2003 SP3
2007 Microsoft Office System
2007 Microsoft Office System SP1
Altro Software:
Microsoft Office Word Wiever 2003
Microsoft Office Word Wiever 2003 SP3
Microsoft Office Compatibility Pack
Microsoft Office Compatibility Pack SP1
Microsoft Works 8
Microsoft Office per Mac:
Microsoft Office 2004 per Mac
Microsoft Office 2008 per Mac
Open XML File Format Converter per Mac
:: Impatto
Esecuzione remota di codice arbitrario
Controllo completo del sistema
:: Soluzioni
Applicare la patch segnalata nel bollettino Microsoft MS08-072
http://www.microsoft.com/technet/security/bulletin/ms08-072.mspx
:: Riferimenti
Microsoft Security Bulletin MS08-072
http://www.microsoft.com/technet/security/bulletin/ms08-072.mspx
VUPEN (ex FrSirt):
http://www.vupen.com/english/advisories/2008/3384
Secunia:
http://secunia.com/advisories/30285/
SecurityFocus:
http://www.securityfocus.com/bid/32580
http://www.securityfocus.com/bid/32579
http://www.securityfocus.com/bid/32583
http://www.securityfocus.com/bid/32581
http://www.securityfocus.com/bid/32585
http://www.securityfocus.com/bid/32642
http://www.securityfocus.com/bid/32594
http://www.securityfocus.com/bid/32584
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-08-084/
http://www.zerodayinitiative.com/advisories/ZDI-08-085/
http://www.zerodayinitiative.com/advisories/ZDI-08-086/
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4027
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4028
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4837
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSUEPzfOB+SpikaiRAQKFYgQAwYgsprG5JMG8AIHtUJPBiLznbbH0jQcF
EQlQ1wzFTToxvOb3qk8NJP13vRu58ig0lI62qr9quHs2qxJqI22/ikkSeOqFzJ0D
Mye8tcY6Tzc10nHAF3sSb93MDa2O1GLJ00FctohOfZI3snrrqUSOR+6f/InlLojH
T4pAWiKFxnY=
=9u0P
-----END PGP SIGNATURE-----
Hash: SHA1
************************************************************************
Alert ID : GCSA-08122
Data : 11 Dicembre 2008
Titolo : MS08-072 Vulnerabilita' in Microsoft Office (957173)
************************************************************************
:: Descrizione del problema
Questo aggiornamento di sicurezza risolve otto vulnerabilita'
in Microsoft Office Word e Microsoft Office Outlook. Le vulnerabilita'
consentono l'esecuzione da remoto di codice arbitrario se un utente
apre file Word o Rich Text File (RTF) appositamente predisposti. Un
attaccante che riesca a sfruttare queste vulnerabilita' puo' ottenere
il controllo completo del sistema.
:: Software e Sistemi affetti
Microsoft Office Suite:
Microsoft Office 2000 SP3
Microsoft Office XP SP3
Microsoft Office 2003 SP3
2007 Microsoft Office System
2007 Microsoft Office System SP1
Altro Software:
Microsoft Office Word Wiever 2003
Microsoft Office Word Wiever 2003 SP3
Microsoft Office Compatibility Pack
Microsoft Office Compatibility Pack SP1
Microsoft Works 8
Microsoft Office per Mac:
Microsoft Office 2004 per Mac
Microsoft Office 2008 per Mac
Open XML File Format Converter per Mac
:: Impatto
Esecuzione remota di codice arbitrario
Controllo completo del sistema
:: Soluzioni
Applicare la patch segnalata nel bollettino Microsoft MS08-072
http://www.microsoft.com/technet/security/bulletin/ms08-072.mspx
:: Riferimenti
Microsoft Security Bulletin MS08-072
http://www.microsoft.com/technet/security/bulletin/ms08-072.mspx
VUPEN (ex FrSirt):
http://www.vupen.com/english/advisories/2008/3384
Secunia:
http://secunia.com/advisories/30285/
SecurityFocus:
http://www.securityfocus.com/bid/32580
http://www.securityfocus.com/bid/32579
http://www.securityfocus.com/bid/32583
http://www.securityfocus.com/bid/32581
http://www.securityfocus.com/bid/32585
http://www.securityfocus.com/bid/32642
http://www.securityfocus.com/bid/32594
http://www.securityfocus.com/bid/32584
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-08-084/
http://www.zerodayinitiative.com/advisories/ZDI-08-085/
http://www.zerodayinitiative.com/advisories/ZDI-08-086/
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4027
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4028
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4837
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSUEPzfOB+SpikaiRAQKFYgQAwYgsprG5JMG8AIHtUJPBiLznbbH0jQcF
EQlQ1wzFTToxvOb3qk8NJP13vRu58ig0lI62qr9quHs2qxJqI22/ikkSeOqFzJ0D
Mye8tcY6Tzc10nHAF3sSb93MDa2O1GLJ00FctohOfZI3snrrqUSOR+6f/InlLojH
T4pAWiKFxnY=
=9u0P
-----END PGP SIGNATURE-----