Alert GCSA-08125 - MS08-076 Vulnerabilita' in Microsoft Windows
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
************************************************************************
Alert ID : GCSA-08125
Data : 11 Dicembre 2008
Titolo : MS08-076 Vulnerabilita' in Windows Media Components
************************************************************************
:: Descrizione del problema
Questo aggiornamento di sicurezza risolve due vulnerabilita'
in Windows Media Player, Windows Media Format Runtime, Windows
Media Services. Le vulnerabilita' consentono l'esecuzione da remoto di
codice arbitrario. Se l'utente fosse connesso con privilegi di
amministratore, un attaccante puo' prendere il controllo completo del
sistema.
:: Software e Sistemi affetti
Windows Media Player 6.4 su sistemi:
Microsoft Windows 2000 Server SP4
Microsoft Windows XP SP2
Microsoft Windows XP SP3
Microsoft Windows XP Professional x64
Microsoft Windows XP Professional x64 SP2
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 x64
Microsoft Windows Server 2003 x64 SP2
Windows Media Format Runtime 7.1, 9.0, 9.5, 11:
Microsoft Windows 2000 Server SP4
Microsoft Windows XP SP2
Microsoft Windows XP SP3
Microsoft Windows XP Professional x64
Microsoft Windows XP Professional x64 SP2
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 x64
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows Vista
Microsoft Windows Vista SP1
Microsoft Windows Vista x64
Microsoft Windows Vista x64 SP1
Microsoft Windows Server 2008 32-bit
Microsoft Windows Server 2008 64-bit
Windows Media Services su:
Microsoft Windows 2000 Server SP4
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 x64
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows Server 2008 32-bit
Microsoft Windows Server 2008 64-bit
:: Impatto
Esecuzione da remoto di codice arbitrario
Controllo completo del sistema
:: Soluzioni
Applicare la patch segnalata nel bollettino Microsoft MS08-076
http://www.microsoft.com/technet/security/bulletin/ms08-076.mspx
:: Riferimenti
Microsoft Security Bulletin MS08-076
http://www.microsoft.com/technet/security/bulletin/ms08-076.mspx
VUPEN (ex FrSirt):
http://www.vupen.com/english/advisories/2008/3388
Secunia:
http://secunia.com/advisories/33058/
SecurityFocus:
http://www.securityfocus.com/bid/32653
http://www.securityfocus.com/bid/32654
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3010
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSUEVv/OB+SpikaiRAQI+OwP/ZjPam0c2oQhwibMWMvjjIAwppuxtUDQS
MoPsfDR9Ll12x5tmb8iHEs+qevgAJ0hRWEewKMGBNT5aKChHmx3LqXQi5P66WhmT
is++bZEoufMYZl78oRweIGkjAFO0zwOCK6SBippJEmXIAK661YFkl5J9dLOSWYV7
rJWknAMFivE=
=CuPR
-----END PGP SIGNATURE-----
Hash: SHA1
************************************************************************
Alert ID : GCSA-08125
Data : 11 Dicembre 2008
Titolo : MS08-076 Vulnerabilita' in Windows Media Components
************************************************************************
:: Descrizione del problema
Questo aggiornamento di sicurezza risolve due vulnerabilita'
in Windows Media Player, Windows Media Format Runtime, Windows
Media Services. Le vulnerabilita' consentono l'esecuzione da remoto di
codice arbitrario. Se l'utente fosse connesso con privilegi di
amministratore, un attaccante puo' prendere il controllo completo del
sistema.
:: Software e Sistemi affetti
Windows Media Player 6.4 su sistemi:
Microsoft Windows 2000 Server SP4
Microsoft Windows XP SP2
Microsoft Windows XP SP3
Microsoft Windows XP Professional x64
Microsoft Windows XP Professional x64 SP2
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 x64
Microsoft Windows Server 2003 x64 SP2
Windows Media Format Runtime 7.1, 9.0, 9.5, 11:
Microsoft Windows 2000 Server SP4
Microsoft Windows XP SP2
Microsoft Windows XP SP3
Microsoft Windows XP Professional x64
Microsoft Windows XP Professional x64 SP2
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 x64
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows Vista
Microsoft Windows Vista SP1
Microsoft Windows Vista x64
Microsoft Windows Vista x64 SP1
Microsoft Windows Server 2008 32-bit
Microsoft Windows Server 2008 64-bit
Windows Media Services su:
Microsoft Windows 2000 Server SP4
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 x64
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows Server 2008 32-bit
Microsoft Windows Server 2008 64-bit
:: Impatto
Esecuzione da remoto di codice arbitrario
Controllo completo del sistema
:: Soluzioni
Applicare la patch segnalata nel bollettino Microsoft MS08-076
http://www.microsoft.com/technet/security/bulletin/ms08-076.mspx
:: Riferimenti
Microsoft Security Bulletin MS08-076
http://www.microsoft.com/technet/security/bulletin/ms08-076.mspx
VUPEN (ex FrSirt):
http://www.vupen.com/english/advisories/2008/3388
Secunia:
http://secunia.com/advisories/33058/
SecurityFocus:
http://www.securityfocus.com/bid/32653
http://www.securityfocus.com/bid/32654
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3010
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSUEVv/OB+SpikaiRAQI+OwP/ZjPam0c2oQhwibMWMvjjIAwppuxtUDQS
MoPsfDR9Ll12x5tmb8iHEs+qevgAJ0hRWEewKMGBNT5aKChHmx3LqXQi5P66WhmT
is++bZEoufMYZl78oRweIGkjAFO0zwOCK6SBippJEmXIAK661YFkl5J9dLOSWYV7
rJWknAMFivE=
=CuPR
-----END PGP SIGNATURE-----