Alert GCSA-09114 - Vulnerabilities in Microsoft Internet Explorer
******************************************************************
Alert ID : GCSA-09114
Date : 09 December 2009
Title : Vulnerabilities in Microsoft Internet Explorer
(MS09-072)
******************************************************************
:: Problem description
Several vulnerabilities have been identified in Microsoft Internet
Explorer that could be exploited to cause remote execution of
arbitrary code.
The vulnerabilities are due to errors in ActiveX controls that use a
vulnerable Active Template Library (ATL), memory corruption errors and
race conditions, and could lead to remote execution of arbitrary code
by inducing the user to open a specially crafted malicious web page.
:: Affected software
Microsoft Internet Explorer 5.01 Service Pack 4
Microsoft Internet Explorer 6 Service Pack 1
Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista
Microsoft Windows Server 2008 R2 (x64)
Microsoft Windows Server 2008 R2 (Itanium)
Microsoft Windows Server 2008 (x64) Service Pack 2
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows 7 (x64)
Microsoft Windows 7 (32-bit)
:: Impact
Remote execution of arbitrary code
:: Solutions
Apply the updates released by Microsoft:
http://www.microsoft.com/technet/security/bulletin/MS09-072.mspx
:: References
Microsoft Security Bulletin MS09-072
http://www.microsoft.com/technet/security/bulletin/MS09-072.mspx
Secunia
http://secunia.com/advisories/37448
VUPEN
http://www.vupen.com/english/advisories/2009/3437
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3671
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3672
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3673
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3674