Alert GCSA-10028 - MS10-017 Vulnerabilita' in Microsoft Office Excel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10028
Data : 10 marzo 2010
Titolo : MS10-017 Vulnerabilita' in Microsoft Office Excel (980150)
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato un aggiornamento per risolvere sette
vulnerabilita' presenti in Microsoft Office Excel.
Le vulnerabilita' potrebbero consentire l'esecuzione di
codice arbitrario da remoto, se l'utente apre un file
malevolo costruito opportunamente.
:: Software interessato
Microsoft Excel 2002 SP3
Microsoft Excel 2003 SP3
Microsoft Excel 2007 SP1
Microsoft Excel 2007 SP2
Microsoft Excel Viewer SP1
Microsoft Excel Viewer SP2
Microsoft Office XP SP3
Microsoft Office 2003 SP3
2007 Microsoft Office System SP1
2007 Microsoft Office System SP2
Microsoft Office per Mac
Microsoft Office 2004 per Mac
Microsoft Office 2008 per Mac
Open XML File Format Converter per Mac
Microsoft Office Compatibility Pack per Word, Excel, e PowerPoint 2007 File Formats SP1
Microsoft Office Compatibility Pack per Word, Excel, e PowerPoint 2007 File Formats SP2
Microsoft Office SharePoint Server 2007 SP1
Microsoft Office SharePoint Server 2007 SP2
:: Impatto
Esecuzione remota di codice arbitrario
Conquista del controllo sul sistema
Denial of service
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS10-017.mspx
Microsoft Knowledge Base
http://support.microsoft.com/kb/980150
Microsoft Update e Aggiornamenti Automatici
http://go.microsoft.com/fwlink/?LinkID=40747
https://www.update.microsoft.com/microsoftupdate/v6/
http://support.microsoft.com/kb/306525/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0264
Vupen Security
http://www.vupen.com/english/advisories/2010/0566
ISC SANS
http://isc.sans.org/diary.html?storyid=8392
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/38550
http://www.securityfocus.com/bid/38551
http://www.securityfocus.com/bid/38552
http://www.securityfocus.com/bid/38553
http://www.securityfocus.com/bid/38554
http://www.securityfocus.com/bid/38555
iDefense Labs
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=859
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=860
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=861
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=862
Core Security Technologies
http://www.coresecurity.com/content/CORE-2009-1103
Zero Day Initiative
http://www.zerodayinitiative.com/advisories/ZDI-10-025
-----BEGIN PGP SIGNATURE-----
iQCVAwUBS5eC9POB+SpikaiRAQKVcgP+P1/1uUm9OYaHAMbf7DfajWpR4FQIhh0o
x+xcwfQQkff3r0xnBD4g+CrC08ZuFd7NH39q3vnDQ/W4eZJWCVlL7rsQjDuz1rmO
pGU439Io4y/Mc7QU2mC96J9Gnx83+g/RCMMcqXT5z/X4AsI7GoAreBUnrvKx+xg5
R0yqhLlwmaI=
=iLcN
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10028
Data : 10 marzo 2010
Titolo : MS10-017 Vulnerabilita' in Microsoft Office Excel (980150)
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato un aggiornamento per risolvere sette
vulnerabilita' presenti in Microsoft Office Excel.
Le vulnerabilita' potrebbero consentire l'esecuzione di
codice arbitrario da remoto, se l'utente apre un file
malevolo costruito opportunamente.
:: Software interessato
Microsoft Excel 2002 SP3
Microsoft Excel 2003 SP3
Microsoft Excel 2007 SP1
Microsoft Excel 2007 SP2
Microsoft Excel Viewer SP1
Microsoft Excel Viewer SP2
Microsoft Office XP SP3
Microsoft Office 2003 SP3
2007 Microsoft Office System SP1
2007 Microsoft Office System SP2
Microsoft Office per Mac
Microsoft Office 2004 per Mac
Microsoft Office 2008 per Mac
Open XML File Format Converter per Mac
Microsoft Office Compatibility Pack per Word, Excel, e PowerPoint 2007 File Formats SP1
Microsoft Office Compatibility Pack per Word, Excel, e PowerPoint 2007 File Formats SP2
Microsoft Office SharePoint Server 2007 SP1
Microsoft Office SharePoint Server 2007 SP2
:: Impatto
Esecuzione remota di codice arbitrario
Conquista del controllo sul sistema
Denial of service
:: Soluzioni
Installare manualmente la patch elencata nel bollettino Microsoft,
oppure utilizzare uno degli strumenti di aggiornamento come:
Aggiornamenti Automatici, Windows Update, Microsoft Update,
Windows Server Update Services, Systems Management Server.
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS10-017.mspx
Microsoft Knowledge Base
http://support.microsoft.com/kb/980150
Microsoft Update e Aggiornamenti Automatici
http://go.microsoft.com/fwlink/?LinkID=40747
https://www.update.microsoft.com/microsoftupdate/v6/
http://support.microsoft.com/kb/306525/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0264
Vupen Security
http://www.vupen.com/english/advisories/2010/0566
ISC SANS
http://isc.sans.org/diary.html?storyid=8392
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/38550
http://www.securityfocus.com/bid/38551
http://www.securityfocus.com/bid/38552
http://www.securityfocus.com/bid/38553
http://www.securityfocus.com/bid/38554
http://www.securityfocus.com/bid/38555
iDefense Labs
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=859
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=860
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=861
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=862
Core Security Technologies
http://www.coresecurity.com/content/CORE-2009-1103
Zero Day Initiative
http://www.zerodayinitiative.com/advisories/ZDI-10-025
-----BEGIN PGP SIGNATURE-----
iQCVAwUBS5eC9POB+SpikaiRAQKVcgP+P1/1uUm9OYaHAMbf7DfajWpR4FQIhh0o
x+xcwfQQkff3r0xnBD4g+CrC08ZuFd7NH39q3vnDQ/W4eZJWCVlL7rsQjDuz1rmO
pGU439Io4y/Mc7QU2mC96J9Gnx83+g/RCMMcqXT5z/X4AsI7GoAreBUnrvKx+xg5
R0yqhLlwmaI=
=iLcN
-----END PGP SIGNATURE-----