Alert GCSA-08079 - Vulnerabilita' multiple in Microsoft Internet
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-08079
Data : 13 agosto 2008
Titolo : Vulnerabilita' multiple in Microsoft Internet Explorer (MS08-045)
******************************************************************
:: Descrizione del problema
Sono state riscontrate vulnerabilita' multiple in Microsoft Internet Explorer
che potrebbero essere sfruttate per compromettere un sistema che ne sia affetto.
Queste vulnerabilita' sono dovute ad errori di tipo input validation e di
corruzione della memoria durante l'accesso a certi oggetti o durante
l'elaborazione di anteprime di stampa, e potrebbero essere sfruttate per
arrestare un'applicazione che ne sia affetta o per eseguire codice arbitrario
inducendo un utente a visitare pagine web malevole.
:: Piattaforme e software interessati
- - Microsoft Internet Explorer 5.01
- - Microsoft Internet Explorer 6.x
- - Microsoft Internet Explorer 7.x
:: Impatto
- - Esecuzione remota di codice arbitrario
:: Soluzioni
Applicare le patch
- -- Windows 2000 SP4 --
Internet Explorer 5.01 SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=1557B93B-ECBA-4F42-B89D-DB0EE067D65B
Internet Explorer 6 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=AA780735-5928-4C46-89A4-63A814954796
- -- Internet Explorer 6 --
Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=69AF2F30-138E-4B15-AB8D-4FCE44CC0BC2
Windows XP SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=69AF2F30-138E-4B15-AB8D-4FCE44CC0BC2
Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=4780B89E-9735-4D3F-8DEF-34E7337FF604
Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=0617A5DD-DCE9-4DE0-B0A0-CE38EFE13524
Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=32A63F52-9FE6-48E3-BB4E-7D4DDA5E0A90
Windows Server 2003 with SP1/SP2 for Itanium-based
http://www.microsoft.com/downloads/details.aspx?familyid=1855997E-A3BE-46B1-A0BC-BB55EB0045FE
- -- Internet Explorer 7 --
Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=8E2125C7-52CB-4052-82A3-2D3C6A953752
Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=39B41E4B-3237-409D-A818-AB0517C5E7CF
Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=B3C2E2FD-1CB9-491B-937C-053DD59A65BF
Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=88A26B76-F7DF-45C9-8ED0-7D3CD71C1987
Windows Server 2003 with SP1/SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=97D0D37D-5D76-4BC3-8CBD-1E3976C82ACF
Windows Vista (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=13CBA012-DD20-48F9-8E44-E4CB104C4CAD
Windows Vista x64 Edition (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=EAD919C2-D548-47B7-9CD6-80F991266428
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=4B52FF2F-D2F5-4C20-B6CF-86D86C56B0F8
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=DF9814A6-5BE0-4AC1-A767-A0EAE8D5EE5D
Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=FFC3CFCB-73FE-4A6D-9595-E9D7A5B3D3F7
:: Riferimenti
Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS08-045.mspx
FrSirt:
http://www.frsirt.com/english/advisories/2008/2349
Secunia:
http://secunia.com/advisories/31375/
CVE Mitre:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2254
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2255
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2256
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2257
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2258
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2259
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSKLiUvOB+SpikaiRAQKEygQA0CIuI8OyDucamWwxQG/uYBMFrgR4M8ns
n+2QO8k4oKohMPlHjrV61p19QrN3LD173/CcGqjQKHJ+e6aDzRKYBD1Sxj4o0Gj/
eq4AozMgD01RWNOlP9Ook1NjgKFInd7GhuahD4nC2kXa9BpOc3zcCNmcAAOKy6G0
uRmtGgHIdxI=
=3U+y
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-08079
Data : 13 agosto 2008
Titolo : Vulnerabilita' multiple in Microsoft Internet Explorer (MS08-045)
******************************************************************
:: Descrizione del problema
Sono state riscontrate vulnerabilita' multiple in Microsoft Internet Explorer
che potrebbero essere sfruttate per compromettere un sistema che ne sia affetto.
Queste vulnerabilita' sono dovute ad errori di tipo input validation e di
corruzione della memoria durante l'accesso a certi oggetti o durante
l'elaborazione di anteprime di stampa, e potrebbero essere sfruttate per
arrestare un'applicazione che ne sia affetta o per eseguire codice arbitrario
inducendo un utente a visitare pagine web malevole.
:: Piattaforme e software interessati
- - Microsoft Internet Explorer 5.01
- - Microsoft Internet Explorer 6.x
- - Microsoft Internet Explorer 7.x
:: Impatto
- - Esecuzione remota di codice arbitrario
:: Soluzioni
Applicare le patch
- -- Windows 2000 SP4 --
Internet Explorer 5.01 SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=1557B93B-ECBA-4F42-B89D-DB0EE067D65B
Internet Explorer 6 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=AA780735-5928-4C46-89A4-63A814954796
- -- Internet Explorer 6 --
Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=69AF2F30-138E-4B15-AB8D-4FCE44CC0BC2
Windows XP SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=69AF2F30-138E-4B15-AB8D-4FCE44CC0BC2
Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=4780B89E-9735-4D3F-8DEF-34E7337FF604
Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=0617A5DD-DCE9-4DE0-B0A0-CE38EFE13524
Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=32A63F52-9FE6-48E3-BB4E-7D4DDA5E0A90
Windows Server 2003 with SP1/SP2 for Itanium-based
http://www.microsoft.com/downloads/details.aspx?familyid=1855997E-A3BE-46B1-A0BC-BB55EB0045FE
- -- Internet Explorer 7 --
Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=8E2125C7-52CB-4052-82A3-2D3C6A953752
Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=39B41E4B-3237-409D-A818-AB0517C5E7CF
Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=B3C2E2FD-1CB9-491B-937C-053DD59A65BF
Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=88A26B76-F7DF-45C9-8ED0-7D3CD71C1987
Windows Server 2003 with SP1/SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=97D0D37D-5D76-4BC3-8CBD-1E3976C82ACF
Windows Vista (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=13CBA012-DD20-48F9-8E44-E4CB104C4CAD
Windows Vista x64 Edition (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=EAD919C2-D548-47B7-9CD6-80F991266428
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=4B52FF2F-D2F5-4C20-B6CF-86D86C56B0F8
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=DF9814A6-5BE0-4AC1-A767-A0EAE8D5EE5D
Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=FFC3CFCB-73FE-4A6D-9595-E9D7A5B3D3F7
:: Riferimenti
Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS08-045.mspx
FrSirt:
http://www.frsirt.com/english/advisories/2008/2349
Secunia:
http://secunia.com/advisories/31375/
CVE Mitre:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2254
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2255
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2256
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2257
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2258
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2259
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSKLiUvOB+SpikaiRAQKEygQA0CIuI8OyDucamWwxQG/uYBMFrgR4M8ns
n+2QO8k4oKohMPlHjrV61p19QrN3LD173/CcGqjQKHJ+e6aDzRKYBD1Sxj4o0Gj/
eq4AozMgD01RWNOlP9Ook1NjgKFInd7GhuahD4nC2kXa9BpOc3zcCNmcAAOKy6G0
uRmtGgHIdxI=
=3U+y
-----END PGP SIGNATURE-----