Alert GCSA-10150 - Vulnerabilita' in Microsoft Office Excel (MS10-080)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10150
Data : 14 Ottobre 2010
Titolo : Vulnerabilita' in Microsoft Office Excel (MS10-080)
******************************************************************
:: Descrizione del problema
Sono state riscontrate multiple vulnerabilita' in Microsoft
Office Excel che potrebbero essere sfruttate da un attaccante remoto per
eseguire codice arbitrario inducendo l'utente ad aprire documenti
Microsoft Word malevoli appositamente predisposti.
:: Software interessato
Microsoft Excel 2002 Service Pack 3
Microsoft Excel 2003 Service Pack 3
Microsoft Excel 2007 Service Pack 2
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
Microsoft Office 2007 Service Pack 2
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Open XML File Format Converter for Mac
Microsoft Excel Viewer Service Pack 2
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint
2007 File Formats Service Pack 2
:: Impatto
Esecuzione da remoto di codice arbitrario
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/ms10-080.mspx
VUPEN
http://www.vupen.com/english/advisories/2010/2627
Secunia
http://secunia.com/advisories/39303/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3242
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTLcLa/OB+SpikaiRAQIC5QQAyDB2Hg4xOlQXdekX/PbXA1IZ6nXCBmJW
0mZAEgQ+GZOL+tN/TEvabSFzZjdATn9noEIDNsqoGdfni7Aq8XjGoZHLylxgIBpO
Fo7PsExhMRgMAgPVPdW7/SkLxxieLpjMQBF8jutPcj5AHvQoDZeKtUwt6iQT1OmC
zjOhlW8TWMY=
=6/AE
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10150
Data : 14 Ottobre 2010
Titolo : Vulnerabilita' in Microsoft Office Excel (MS10-080)
******************************************************************
:: Descrizione del problema
Sono state riscontrate multiple vulnerabilita' in Microsoft
Office Excel che potrebbero essere sfruttate da un attaccante remoto per
eseguire codice arbitrario inducendo l'utente ad aprire documenti
Microsoft Word malevoli appositamente predisposti.
:: Software interessato
Microsoft Excel 2002 Service Pack 3
Microsoft Excel 2003 Service Pack 3
Microsoft Excel 2007 Service Pack 2
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
Microsoft Office 2007 Service Pack 2
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Open XML File Format Converter for Mac
Microsoft Excel Viewer Service Pack 2
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint
2007 File Formats Service Pack 2
:: Impatto
Esecuzione da remoto di codice arbitrario
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/ms10-080.mspx
VUPEN
http://www.vupen.com/english/advisories/2010/2627
Secunia
http://secunia.com/advisories/39303/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3242
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTLcLa/OB+SpikaiRAQIC5QQAyDB2Hg4xOlQXdekX/PbXA1IZ6nXCBmJW
0mZAEgQ+GZOL+tN/TEvabSFzZjdATn9noEIDNsqoGdfni7Aq8XjGoZHLylxgIBpO
Fo7PsExhMRgMAgPVPdW7/SkLxxieLpjMQBF8jutPcj5AHvQoDZeKtUwt6iQT1OmC
zjOhlW8TWMY=
=6/AE
-----END PGP SIGNATURE-----