Alert GCSA-09026 - Vulnerabilita' in Microsoft WordPad e Office Text
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
**********************************************************************
Alert ID : GCSA-09026
Data : 15 Aprile 2009
Titolo : Vulnerabilita' in Microsoft WordPad e Office Text
Converters (MS09-010)
**********************************************************************
:: Descrizione del problema:
Questo aggiornamento risolve quattro vulnerabilita' presenti in
Microsoft WordPad e Office Text Converter che potrebbero essere
sfruttate da un attaccante remoto attraverso un documento malevolo
appositamente predisposto.
:: Piattaforme e Software interessati:
Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office Converter Pack
:: Impatto:
Esecuzione remota di codice arbitrario
Accesso al sistema
:: Soluzione:
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
All'interno del bollettino e' possibile trovare alcuni walkaround
per restringere l'uso delle componenti vulnerabili.
:: Riferimenti:
Microsoft Security Bulletin MS09-010 - Critical
http://www.microsoft.com/technet/security/Bulletin/MS09-010.mspx
Microsoft Security Advisory (960906)
http://www.microsoft.com/technet/security/advisory/960906.mspx
FortiGuard Advisory (FGA-2009-15)
http://www.fortiguardcenter.com/advisory/FGA-2009-15.html
iDefense Lab - PUBLIC ADVISORY: 04.14.09
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=
782
Security Focus
http://www.securityfocus.com/bid/32718
http://www.securityfocus.com/bid/34470
http://www.securityfocus.com/bid/34469
http://www.securityfocus.com/bid/29769
Secunia: Microsoft Windows WordPad / Office Text Converters
Vulnerabilities
http://secunia.com/advisories/32997
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0235
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSeW0C/OB+SpikaiRAQIS7wQAr4weJNfYN1veJm+TBesH7dg9lXpQNEBm
Sv1SMri+QjNuWvMI12movhGMbP5+2jUK4O3LaQ172VX1rLfeFXOZovj4ayyvfm92
RRiALmhX69wS3bO+LNNVW8MGpPIFcsJtXfS8cxZkhofYqyPHOAQgd/d4OUwY4gM9
0P5TWkHcHE0=
=9HAz
-----END PGP SIGNATURE-----
Hash: SHA1
**********************************************************************
Alert ID : GCSA-09026
Data : 15 Aprile 2009
Titolo : Vulnerabilita' in Microsoft WordPad e Office Text
Converters (MS09-010)
**********************************************************************
:: Descrizione del problema:
Questo aggiornamento risolve quattro vulnerabilita' presenti in
Microsoft WordPad e Office Text Converter che potrebbero essere
sfruttate da un attaccante remoto attraverso un documento malevolo
appositamente predisposto.
:: Piattaforme e Software interessati:
Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office Converter Pack
:: Impatto:
Esecuzione remota di codice arbitrario
Accesso al sistema
:: Soluzione:
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
All'interno del bollettino e' possibile trovare alcuni walkaround
per restringere l'uso delle componenti vulnerabili.
:: Riferimenti:
Microsoft Security Bulletin MS09-010 - Critical
http://www.microsoft.com/technet/security/Bulletin/MS09-010.mspx
Microsoft Security Advisory (960906)
http://www.microsoft.com/technet/security/advisory/960906.mspx
FortiGuard Advisory (FGA-2009-15)
http://www.fortiguardcenter.com/advisory/FGA-2009-15.html
iDefense Lab - PUBLIC ADVISORY: 04.14.09
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=
782
Security Focus
http://www.securityfocus.com/bid/32718
http://www.securityfocus.com/bid/34470
http://www.securityfocus.com/bid/34469
http://www.securityfocus.com/bid/29769
Secunia: Microsoft Windows WordPad / Office Text Converters
Vulnerabilities
http://secunia.com/advisories/32997
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0235
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSeW0C/OB+SpikaiRAQIS7wQAr4weJNfYN1veJm+TBesH7dg9lXpQNEBm
Sv1SMri+QjNuWvMI12movhGMbP5+2jUK4O3LaQ172VX1rLfeFXOZovj4ayyvfm92
RRiALmhX69wS3bO+LNNVW8MGpPIFcsJtXfS8cxZkhofYqyPHOAQgd/d4OUwY4gM9
0P5TWkHcHE0=
=9HAz
-----END PGP SIGNATURE-----