Exploits

Vulnerabilita’ multiple in Microsoft Office

Descrizione del problema

Sono state riscontrate vulnerabilita’ multiple in Microsoft Office che
potrebbero essere sfruttata per compromettere un sistema che ne sia affetto.
Queste vulnerabilita’ sono causate da errori di corruzione della memoria
durante l’elaborazione di file EPS (Encapsulated PostScript), o immagini PICT,
BMP o WPG (WordPerfect Graphics) appositamente predisposti, e potrebbero
essere sfruttate per arrestare un’applicazione che ne sia affetta o eseguire
codice arbitrario inducendo l’utente ad aprire file Office malevoli.

:: Piattaforme e software interessati

- – Microsoft Office 2000
- – Microsoft Office 2003 Professional Edition
- – Microsoft Office 2003 Small Business Edition
- – Microsoft Office 2003 Standard Edition
- – Microsoft Office 2003 Student and Teacher Edition
- – Microsoft Office File Converter Pack
- – Microsoft Office XP
- – Microsoft Project 2002
- – Microsoft Works 8.x

:: Impatto

- – Esecuzione remota di codice arbitrario

:: Soluzioni

Applicare le patch

Microsoft Office 2000 SP3:
http://www.microsoft.com

Microsoft Office XP SP3:
http://www.microsoft.com

Microsoft Office 2003 SP2 (SP3 non e’ affetto):
http://www.microsoft.com

Microsoft Office Project 2002 SP1:
http://www.microsoft.com

Microsoft Office Converter Pack:
http://www.microsoft.com

Microsoft Works 8:
http://www.microsoft.com

:: Riferimenti

Microsoft:
http://www.microsoft.com

FrSirt:
http://www.frsirt.com

Secunia:
http://secunia.com/advisories/31336/

CVE Mitre:
CVE-2008-3018
CVE-2008-3019
CVE-2008-3020
CVE-2008-3021
CVE-2008-3460

Vulnerabilita’ in Microsoft Excel (MS08-043)

Descrizione del problema

Description:

Sono state riscontrate multiple vulnerabilita’ in Microsoft Excel, che
potrebbero essere sfruttate per ottenere informazioni sensibili o per
compromettere un sistema che ne sia affetto.

La prima vulnerabilita’ e’ dovuta ad un errore di corruzione della memoria
durante l’elaborazione di valori index mentre file Excel vengono caricati in
memoria, e potrebbe essere sfruttata per eseguire codice arbitrario.

La seconda vulnerabilita’ e’ dovuta ad un errore di corruzione della memoria
durante l’elaborazione di un array index mentre file Excel vengono caricati in
memoria, e potrebbe essere sfruttata per eseguire codice arbitrario.

La terza vulnerabilita’ e’ dovuta ad un errore di corruzione della memoria
durante l’elaborazione di valori record mentre file Excel vengono caricati in
memoria, e potrebbe essere sfruttata per eseguire codice arbitrario.

La quarta vulnerabilita’ e’ dovuta alla non appropriata eliminazione della
stringa password da parte di Excel quando il file “.xlsx” viene configurato
per non registrare le credenziali, e potrebbe essere sfruttata per ottenere
l’accesso a dati protetti da password su una sorgente di dati remota.

:: Impatto

- – accesso ad informazioni sensibili

:: Soluzioni

Applicare le patch

Excel 2000 SP3:
http://www.microsoft.com

Excel 2002 SP3:
http://www.microsoft.com

Excel 2003 SP2:
http://www.microsoft.com

Excel 2003 SP3:
http://www.microsoft.com

Excel 2007:
http://www.microsoft.com

Excel 2007 SP1:
http://www.microsoft.com

Microsoft Office Excel Viewer 2003:
http://www.microsoft.com

Microsoft Office Excel Viewer 2003 SP3:
http://www.microsoft.com

Microsoft Office Excel Viewer:
http://www.microsoft.com

Microsoft Office Compatibility Pack per Word, Excel, e PowerPoint 2007 File Formats:
http://www.microsoft.com

Microsoft Office Compatibility Pack per Word, Excel, e PowerPoint 2007 File Formats SP1:
http://www.microsoft.com

Microsoft Office 2004 per Mac:
http://www.microsoft.com

Microsoft Office 2008 per Mac:
http://www.microsoft.com

:: Riferimenti

Microsoft:
http://www.microsoft.com

Secunia:
http://secunia.com

FrSirt:
http://www.frsirt.com

CVE Mitre:
CVE-2008-3003
CVE-2008-3004
CVE-2008-3005
CVE-2008-3006

Vulnerabilita’ in Microsoft Word (MS08-042)

Descrizione del problema

E’ stata riscontrata una vulnerabilita’ in Microsoft Word che potrebbe
essere sfruttata per compromettere un sistema che ne sia affetto.
Questa vulnerabilita’ e’ dovuta ad un errore durante l’elaborazione
dei valori di smart tag, e potrebbe essere sfruttata per provocare
corruzione di memoria attraverso documenti appositamente predisposti.

:: Piattaforme e software interessati

- – Microsoft Office 2003 Professional Edition
- – Microsoft Office 2003 Small Business Edition
- – Microsoft Office 2003 Standard Edition
- – Microsoft Office 2003 Student and Teacher Edition
- – Microsoft Office XP
- – Microsoft Word 2002
- – Microsoft Word 2003

:: Impatto

- – Esecuzione remota di codice arbitrario;
- – Possibile comprmissione del sistema.

:: Soluzioni

Applicare le patch

Microsoft Word 2002 SP3:
http://www.microsoft.com

Microsoft Word 2003 SP2:
http://www.microsoft.com

Microsoft Word 2003 SP3:
http://www.microsoft.com

:: Riferimenti

Microsoft:
http://www.microsoft.com
http://www.microsoft.com

Secunia:
http://secunia.com/advisories/30975/

CVE Mitre:
CVE-2008-2244

FAKE MAIL WINDOWS MALICIOUS SOFTWARE REMOVAL TOOL

ATTENZIONE STA CIRCOLANDO QUESTA FALSA E-MAIL
NON SI TRATTA DI UNA MAIL SCRITTA DALLA MICROSOFTMA DI UNA FALSA E-MAIL CHE DIROTTA SU UN SITO CHE CONTIENE UN CODICE MALIGNO IN GRADO DI INFETTARE IL TUO PC BASATO SU SISTEMA WINDOWS SI UTILIZZA UNA FALLA NEL REDIRECT PRESENTE NEL BLOG http://blogs.oc.edu/ee/index.php?URL=
IL BLOG SU OC.EDU NON E’ RESPONSABILE IL VIRUS VIENE DIFFUSO DAL SITO

http://ewerl . com/ sXodJK

CAUTION THERE ARE A FAKE MAIL NOT WRITTEN BY MICROSOFT

BUT THIS FAKE CONNECT ON A SITE THAT CONTAINS A BAD CODE

THIS OPERATION IS MADE FOR DAMAGE YOUR PC SYSTEM BASED ON WINDOWS
AND DISTRIBUTE A DANGEROUS VIRUS THIS FAKE USE A SIMPLE REDIRECT PRESENT IN THIS BLOG http://blogs.oc.edu/ee/index.php?URL =

THE TRUE RESPONSIBLE IS THE BAD VIRUS SITE

http://ewerl . com/ sXodJK

About this mailing:
You are receiving this e-mail because you subscribed to MSN Featured Offers. Microsoft respects your privacy. If you do not wish to receive this MSN Featured Offers e-mail, please click the “Unsubscribe” link below. This will not unsubscribe you from e-mail communications from third-party advertisers that may appear in MSN Feature Offers. This shall not constitute an offer by MSN. MSN shall not be responsible or liable for the advertisers’ content nor any of the goods or service advertised. Prices and item availability subject to change without notice.

2008 Microsoft | Unsubscribe | More Newsletters | Privacy

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052

Fake Twitter Profile Links To Worm

A fake profile on blogging site Twitter has a Flash Player link that installs a worm which can steal a user’s personal data.

First it was Facebook and MySpace, where messages from “friends” contained a link to install the latest Flash Player – which proved to be a worm that made the user’s computer part of a botnet. Now it’s micro-blogging site Twitter – which is the first time the site has been attacked.

The BBC reports that security company Kaspersky Lab says a fake profile on Twitter purports to have a link to a porn video. Instead it loads a fake version of Flash that in fact contains programs capable of stealing personal data. Kaspersky also discovered the worms on Facebook and MySpace.

The fake profile is in Portuguese with a name that translates to “pretty rabbit.” It exhorts people to click on the link and download Flash to view the video. The problem only affects PCs running Windows.

Alexander Gostev, a senior virus analyst at Kaspersky Lab, said:

“Unfortunately, users are very trusting of messages left by friends on social networking sites so the likelihood of a user clicking on a link like this is very high.”

Written by Christopher Nickson August 06, 2008

Source : http://news.digitaltrends.com/

McAfee slaps Trojan warning on MS Office Live

McAfee has apologised after an anti-virus update released on Monday night incorrectly identified a plug-in for Microsoft Office Live Meeting as a Trojan.

The signature update file mistakingly flagged LMCAPI.exe (a component of Live Update) as a Trojan called Swizzor. As a result the component was incorrectly deleted from thousands of desktops at one huge multinational, staffers from which informed us of the problem but requested anonymity. Techies at the firm had to roll out new versions of Live Update as well as an updated signature file that avoids the false alert.

In a statement, McAfee said the snafu affected only a “small percentage” of its enterprise customers.

The issue was rapidly identified and corrected in the signature release on Tuesday 5th August, with any customer contacting McAfee prior to the release of the corrected signature being given an additional DAT file that suppressed this incorrect identification.

McAfee Avert Labs aims to maintain a high-level of proactiveness and accuracy in its generic detection signatures and to minimise false positives, while making any required corrections as rapidly as possible. McAfee would like to apologise to any customers affected by this issue.

Faulty anti-virus signature updates are a generic problem faced by all security vendors from time to time. Previous examples have included a Kaspersky update quarantining Windows Explorer, AVG crying wolf at Adobe Reader and, more recently, both CA and McAfee decided that legitimate JavaScript apps were malign.

These are three examples of a problem we’ve written about many times in the past and for which no ready solution is apparent. Effects vary by environment and miss-diagnosed application but can run to anything from the automatic deletion of a component no-one misses to locked-up workstations in the worst cases, which are mercifully rare. ®

ARTICLE BY John Leyden

Source : http://www.channelregister.co.uk