Alert GCSA-09106 - Vulnerabilities in Microsoft Office Excel (MS09-067)
******************************************************************
Alert ID : GCSA-09106
Date : 11 November 2009
Title : Vulnerabilities in Microsoft Office Excel (MS09-067)
******************************************************************
:: Problem description
Several vulnerabilities have been identified in Microsoft Office Excel
that could be exploited to achieve remote execution of arbitrary code
with the privileges of the local user of the vulnerable machine.
The vulnerabilities are caused by pointer overwrite, memory corruption,
array indexing and heap overflow errors when processing specially
malformed Excel files, binary file format (BIFF) records or formulas,
and could lead to arbitrary code execution if the user is induced to
open a specially crafted XLS file.
:: Affected software
Microsoft Office Excel 2002 Service Pack 3
Microsoft Office Excel 2003 Service Pack 3
Microsoft Office Excel 2007 Service Pack 1
Microsoft Office Excel 2007 Service Pack 2
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
2007 Microsoft Office System Service Pack 1
2007 Microsoft Office System Service Pack 2
Microsoft Office for Mac
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Open XML File Format Converter for Mac
Microsoft Office Excel Viewer 2003 Service Pack 3
Microsoft Office Excel Viewer Service Pack 1
Microsoft Office Excel Viewer Service Pack 2
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007
File Formats Service Pack 1
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007
File Formats Service Pack 2
:: Impact
Remote execution of arbitrary code
System access
:: Solutions
Apply the updates released by Microsoft:
http://www.microsoft.com/technet/security/Bulletin/ms09-067.mspx
:: References
Microsoft Security Bulletin MS09-067
http://www.microsoft.com/technet/security/Bulletin/ms09-067.mspx
Secunia
http://secunia.com/advisories/37299
VUPEN
http://www.vupen.com/english/advisories/2009/3193
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3134