Sicurezza
Vulnerabilita’ in Microsoft Office
Si tratta di :Sicurezza
Descrizione del problema
Questo aggiornamento di sicurezza risolve una vulnerabilita’
relativa a Microsoft Office.
La vulnerabilita’ consente accesso ad informazioni sensibili se
l’utente visita siti web appositamente predisposti.
:: Software e Sistemi affetti
Microsoft Office XP SP3
:: Impatto
Accesso ad informazioni sensibili
:: Soluzioni
Applicare la patch segnalata nel bollettino Microsoft MS08-056
http://www.microsoft.com/technet/security/bulletin/ms08-056.mspx
:: Riferimenti
Microsoft Security Bulletin MS08-056
http://www.microsoft.com/technet/security/bulletin/ms08-056.mspx
FrSirt:
http://www.frsirt.com/english/advisories/2008/2807
Secunia:
http://secunia.com/advisories/32138/
SecurityFocus:
http://www.securityfocus.com/bid/31693
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4020
Vulnerabilita’ in Microsoft Message Queuing (951071)
Si tratta di :Sicurezza
Descrizione del problema
Questo aggiornamento di sicurezza risolve una vulnerabilita’
relativa a Microsoft Message Queuing Service (MSMQ) su sistemi
Microsoft Windows 2000.
La vulnerabilita’ consente ad un utente remoto l’esecuzione di codice
arbitrario su sistemi Microsoft Windows 2000 che abbiano il servizio
MSMQ abilitato.
:: Software e Sistemi affetti
Microsoft Windows 2000 SP4
:: Impatto
Esecuzione da remoto di codice arbitrario
:: Soluzioni
Applicare la patch segnalata nel bollettino Microsoft MS08-065
http://www.microsoft.com/technet/security/bulletin/ms08-065.mspx
:: Riferimenti
Microsoft Security Bulletin MS08-065
http://www.microsoft.com/technet/security/bulletin/ms08-065.mspx
FrSirt:
http://www.frsirt.com/english/advisories/2008/2816
Secunia:
http://secunia.com/advisories/32260/
SecurityFocus:
http://www.securityfocus.com/bid/31637
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3479
Vulnerabilita’ in Microsoft Virtual Address Descriptor (956841)
Si tratta di :Sicurezza
Descrizione del problema
Questo aggiornamento di sicurezza risolve una vulnerabilita’
relativa a Microsoft Virtual Address Descriptor.
La vulnerabilita’ consente escalation di privilegi se un utente
esegue applicazioni appositamente predisposte.
:: Software e Sistemi affetti
Microsoft Windows XP SP2
Microsoft Windows XP SP3
Microsoft Windows XP Professional x64
Microsoft Windows XP Professional x64 SP2
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 x64
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows Server 2003 per Itanium SP1
Microsoft Windows Server 2003 per Itanium SP2
Microsoft Windows Vista
Microsoft Windows Vista SP1
Microsoft Windows Vista x64
Microsoft Windows Vista x64 SP1
Microsoft Windows Server 2008 per sistemi 32-bit
Microsoft Windows Server 2008 per sistemi x64
Microsoft Windows Server 2008 per sistemi Itanium
:: Impatto
Escalation di privilegi
:: Soluzioni
Applicare la patch segnalata nel bollettino Microsoft MS08-064
http://www.microsoft.com/technet/security/bulletin/ms08-064.mspx
:: Riferimenti
Microsoft Security Bulletin MS08-064
http://www.microsoft.com/technet/security/bulletin/ms08-064.mspx
FrSirt:
http://www.frsirt.com/english/advisories/2008/2815
Secunia:
http://secunia.com/advisories/32251/
SecurityFocus:
http://www.securityfocus.com/bid/31675
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4036
Vulnerabilita’ multiple in Opera Web Browser
Si tratta di :Sicurezza
Descrizione del problema
Sono state riportate alcune vulnerabilita’ in Opera, che potrebbero essere
sfruttate da un attaccante per aggirare restrizioni di sicurezza, ottenere
informazioni sensibili e, potenzialmente, per compromettere un sistema utente.
: Software interessato
Versioni di Opera precedenti la 9.6
:: Impatto
Bypass dei controlli di sicurezza
Esposizione di informazioni sensibili
Esposizione di informazioni di sistema
Denial of Service
Accesso al sistema
:: Soluzione
Aggiornare Opera alla versione 9.6 :
http://www.opera.com/download/
:: Riferimenti
Opera
http://www.opera.com/support/search/view/901/
http://www.opera.com/support/search/view/902/
Vulnerabilita’ in Mozilla SeaMonkey 1.1.x
Si tratta di :Sicurezza
Descrizione del problema
Mozilla ha pubblicato un security advisory relativo
ad alcune vulnerabilita’ presenti nella suite SeaMonkey.
:: Piattaforme e Software interessati
SeaMonkey versioni precedenti alla 1.1.12
:: Impatto
Security restrictions bypass
Exposure of system information
Exposure of sensitive information
System access
DoS
:: Soluzione
Aggiornare SeaMonkey alla versione 1.1.12
http://www.seamonkey-project.org/releases/
:: Riferimenti
Mozilla Security Advisory
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
http://www.mozilla.org/security/announce/2008/mfsa2008-37.html
http://www.mozilla.org/security/announce/2008/mfsa2008-38.html
http://www.mozilla.org/security/announce/2008/mfsa2008-40.html
http://www.mozilla.org/security/announce/2008/mfsa2008-41.html
http://www.mozilla.org/security/announce/2008/mfsa2008-42.html
http://www.mozilla.org/security/announce/2008/mfsa2008-43.html
http://www.mozilla.org/security/announce/2008/mfsa2008-44.html
http://www.mozilla.org/security/announce/2008/mfsa2008-45.html
Mitre’s CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4069
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/31346
Secunia
http://secunia.com/Advisories/32010/
Red Hat
http://rhn.redhat.com/errata/RHSA-2008-0882.html
Vulnerabilita’ in Mozilla Firefox 3.x
Si tratta di :Sicurezza
Descrizione del problema
Mozilla ha pubblicato un security advisory relativo
ad alcune vulnerabilita’ presenti nel browser Firefox.
:: Piattaforme e Software interessati
Firefox versioni precedenti alla 3.0.2
:: Impatto
Security restrictions bypass
Exposure of system information
Exposure of sensitive information
System access
DoS
:: Soluzione
Aggiornare Firefox alla versione 3.0.2
http://www.mozilla.com/en-US/firefox/all.html
http://www.mozilla.com/en-US/firefox/
:: Riferimenti
Mozilla Security Advisory
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html
http://www.mozilla.org/security/announce/2008/mfsa2008-40.html
http://www.mozilla.org/security/announce/2008/mfsa2008-41.html
http://www.mozilla.org/security/announce/2008/mfsa2008-42.html
http://www.mozilla.org/security/announce/2008/mfsa2008-43.html
http://www.mozilla.org/security/announce/2008/mfsa2008-44.html
Mitre’s CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4068
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/31346
Secunia
http://secunia.com/advisories/32011/
FrSIRT
http://www.frsirt.com/english/advisories/2008/2661
Red Hat
https://rhn.redhat.com/errata/RHSA-2008-0879.html
Ubuntu
http://www.ubuntu.com/usn/usn-645-1
http://www.ubuntu.com/usn/usn-645-2
