Alert GCSA-08123 - MS08-074 Vulnerabilita' in Microsoft Office Excel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
************************************************************************
Alert ID : GCSA-08123
Data : 11 Dicembre 2008
Titolo : MS08-074 Vulnerabilita' in Office Excel (959070)
************************************************************************
:: Descrizione del problema
Questo aggiornamento di sicurezza risolve tre vulnerabilita'
in Microsoft Office Excel. Le vulnerabilita' consentono l'esecuzione
da remoto di codice arbitrario se un utente apre un file Excel
appositamente predisposto. Un attaccante che riesca a sfruttare queste
vulnerabilita' puo' ottenere il controllo completo del sistema.
:: Software e Sistemi affetti
Microsoft Office Suite:
Microsoft Office 2000 SP3
Microsoft Office XP SP3
Microsoft Office 2003 SP3
2007 Microsoft Office System
2007 Microsoft Office System SP1
Altro Software:
Microsoft Office Excel Wiever 2003
Microsoft Office Excel Wiever 2003 SP3
Microsoft Office Excel Wiever
Microsoft Office Compatibility Pack 2007
Microsoft Office Compatibility Pack 2007 SP1
Microsoft Office per Mac:
Microsoft Office 2004 per Mac
Microsoft Office 2008 per Mac
Open XML File Format Converter per Mac
:: Impatto
Esecuzione remota di codice arbitrario
Controllo completo del sistema
:: Soluzioni
Applicare la patch segnalata nel bollettino Microsoft MS08-074
http://www.microsoft.com/technet/security/bulletin/ms08-074.mspx
:: Riferimenti
Microsoft Security Bulletin MS08-074
http://www.microsoft.com/technet/security/bulletin/ms08-074.mspx
VUPEN (ex FrSirt):
http://www.vupen.com/english/advisories/2008/3386
Secunia:
http://secunia.com/advisories/31593/
SecurityFocus:
http://www.securityfocus.com/bid/32621
http://www.securityfocus.com/bid/32618
http://www.securityfocus.com/bid/32622
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4266
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSUERp/OB+SpikaiRAQIL3gP/XBygUGOQZBTNNnzjA6zM+WjWIfzZXCRg
VkR+xtHkudjVzipX9kyxS2/y5XK8OjGmWa9GDUPrN6nJXKY7ppJ7/4pYMZ2K38Aa
18y/wBHeMmULVmmORccGCgC8J4WEX0HofVsbCZQMal9QFb+ptjSvuP1cviMCBm5l
iOyZ4ESrCkQ=
=loLl
-----END PGP SIGNATURE-----
Hash: SHA1
************************************************************************
Alert ID : GCSA-08123
Data : 11 Dicembre 2008
Titolo : MS08-074 Vulnerabilita' in Office Excel (959070)
************************************************************************
:: Descrizione del problema
Questo aggiornamento di sicurezza risolve tre vulnerabilita'
in Microsoft Office Excel. Le vulnerabilita' consentono l'esecuzione
da remoto di codice arbitrario se un utente apre un file Excel
appositamente predisposto. Un attaccante che riesca a sfruttare queste
vulnerabilita' puo' ottenere il controllo completo del sistema.
:: Software e Sistemi affetti
Microsoft Office Suite:
Microsoft Office 2000 SP3
Microsoft Office XP SP3
Microsoft Office 2003 SP3
2007 Microsoft Office System
2007 Microsoft Office System SP1
Altro Software:
Microsoft Office Excel Wiever 2003
Microsoft Office Excel Wiever 2003 SP3
Microsoft Office Excel Wiever
Microsoft Office Compatibility Pack 2007
Microsoft Office Compatibility Pack 2007 SP1
Microsoft Office per Mac:
Microsoft Office 2004 per Mac
Microsoft Office 2008 per Mac
Open XML File Format Converter per Mac
:: Impatto
Esecuzione remota di codice arbitrario
Controllo completo del sistema
:: Soluzioni
Applicare la patch segnalata nel bollettino Microsoft MS08-074
http://www.microsoft.com/technet/security/bulletin/ms08-074.mspx
:: Riferimenti
Microsoft Security Bulletin MS08-074
http://www.microsoft.com/technet/security/bulletin/ms08-074.mspx
VUPEN (ex FrSirt):
http://www.vupen.com/english/advisories/2008/3386
Secunia:
http://secunia.com/advisories/31593/
SecurityFocus:
http://www.securityfocus.com/bid/32621
http://www.securityfocus.com/bid/32618
http://www.securityfocus.com/bid/32622
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4266
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSUERp/OB+SpikaiRAQIL3gP/XBygUGOQZBTNNnzjA6zM+WjWIfzZXCRg
VkR+xtHkudjVzipX9kyxS2/y5XK8OjGmWa9GDUPrN6nJXKY7ppJ7/4pYMZ2K38Aa
18y/wBHeMmULVmmORccGCgC8J4WEX0HofVsbCZQMal9QFb+ptjSvuP1cviMCBm5l
iOyZ4ESrCkQ=
=loLl
-----END PGP SIGNATURE-----