New zero-day exploit for Microsoft PowerPoint

A new exploit targeting Microsoft PowerPoint was identified a few days ago
by Fabio Boneschi, published 23 August 2006 at 08:43 in the Sicurezza / Microsoft channel
In recent days a new zero-day exploit was identified for a still-unpatched flaw in Microsoft PowerPoint. The exploit allows a potential attacker to execute malicious software remotely.
Juha-Matti Laurio, the security researcher who discovered the exploit, states that the PowerPoint problem occurs on all versions of Microsoft Windows. As reported on the SecuriTeam blog, the only protection currently available comes from antivirus software, whose virus signatures must be kept up to date.
As BetaNews.com reports, the websites of the major security software vendors do not yet mention an update for this exploit, but fortunately the virus signatures distributed automatically ensure that the malware is detected.
According to Laurio, the file responsible for spreading the TROJ_SMALL.CMZ malware is 72 KB in size. Microsoft has not yet confirmed the problem and will most likely include the fix in its next monthly update release.
34 Comments
I love microsoft
It's these little things that remind me why I switched to Debian.....
Trend Micro itself says this is not a 0-day exploit, but a new trojan that hits an old flaw that has already been fixed.
And Microsoft has denied it too.
Trend Micro says this is not a 0-day exploit, but exploits an old flaw (MS06-012).
“This Trojan is not a zero-day exploit. It attempts to exploit the Microsoft Office Remote Code Execution Using a Malformed Routing Slip Vulnerability. It is seen that this Trojan has a similarity with other malware exploiting the said Vulnerability. Note that the shell code of the sample is actually located in the routing slip record. However, the shellcode does not manifest the said behavior.”
http://www.trendmicro.com/vinfo/vir...EBH&VSect=T
According to Stephen Toulouse, a program manager in the MSRC (Microsoft Security Response Center), the vulnerability has already been resolved by an update.
"Our initial investigation is that this is not a new zero-day at all," Toulouse said in an e-mail exchange with eWEEK.
The SecuriTeam blog also says:
NOTE #2: According to the new information this is not 0-day vulnerability, it is related to patched MS06-012.
So STOP SPREADING MISINFORMATION!!!
Sure?
Mac OS X Multiple Vulnerabilities
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
http://secunia.com/advisories/21253/
1) An error in the AFP server within the handling of users' search results can be exploited by malicious users to gain knowledge of the names of files and folders to which the user performing the search has no access.
Successful exploitation requires that file sharing is enabled.
2) An integer overflow error in the AFP server may be exploited by an authenticated user to execute arbitrary code with system privileges.
Successful exploitation requires that file sharing is enabled.
3) An error in the AFP server, where the reconnect keys for file sharing sessions are stored world-readable, can be exploited by local users to access files and folders with the privileges of another user.
Successful exploitation requires that file sharing is enabled.
4) An error in the AFP server caused by an unchecked error condition can be exploited to crash the AFP server by sending a specially crafted invalid AFP request.
Successful exploitation requires that file sharing is enabled.
5) An error in Bom's compression state handling may be exploited to cause a heap corruption by tricking a user into opening a specially crafted corrupted ZIP archive.
Successful exploitation may allow execution of arbitrary code.
NOTE: This can be exploited automatically via the Safari browser if the "Open safe files after downloading" setting is enabled.
6) A boundary error in bootpd can be exploited to cause a stack-based buffer overflow by sending a specially crafted BOOTP request.
Successful exploitation may allow execution of arbitrary code with system privileges, but requires that bootpd is enabled (not enabled by default).
7) An error in the processing of dynamic linker options in privileged applications may be exploited by local users to influence the behavior of privileged applications by specifying options which cause output to standard error.
8) An error in the dynamic linker may be exploited by local users to specify paths used when loading libraries into a privileged application.
Successful exploitation may allow execution of arbitrary code with escalated privileges.
9) Various errors exist in the fetchmail utility.
Sure?
Linux Kernel SCTP_Make_Abort_User Function Buffer Overflow Vulnerability
2006-08-23
http://www.securityfocus.com/bid/19666
Linux Kernel UDF Denial of Service Vulnerability
2006-08-22
http://www.securityfocus.com/bid/19562
Linux Kernel USB Driver Data Queue Local Denial of Service Vulnerability
2006-08-22
http://www.securityfocus.com/bid/19033
Linux Kernel SCTP Multiple Remote Denial of Service Vulnerabilities
2006-08-22
http://www.securityfocus.com/bid/18085
Linux Kernel SNMP NAT Helper Remote Denial of Service Vulnerability
2006-08-22
http://www.securityfocus.com/bid/18081
Linux Kernel CD-ROM Driver Local Buffer Overflow Vulnerability
2006-08-22
http://www.securityfocus.com/bid/18847
Linux Kernel PROC Filesystem Local Privilege Escalation Vulnerability
2006-08-22
http://www.securityfocus.com/bid/18992
Linux Kernel NFS and EXT3 Combination Remote Denial of Service Vulnerability
2006-08-22
http://www.securityfocus.com/bid/19396
Linux Kernel Non-Hugemem Support Local Denial of Service Vulnerability
2006-08-22
http://www.securityfocus.com/bid/19664
Linux Kernel s/io.c/IO.C Local Denial of Service Vulnerability
2006-08-22
http://www.securityfocus.com/bid/19665
Linux Kernel SG Driver Direct IO Local Denial of Service Vulnerability
2006-08-21
http://www.securityfocus.com/bid/18101
Linux Kernel PPC970 Systems Local Denial of Service Vulnerability
2006-08-21
http://www.securityfocus.com/bid/19615
Linux Kernel IPv6 FlowLable Denial Of Service Vulnerability
2006-08-15
http://www.securityfocus.com/bid/15729
Linux Kernel POSIX Timer Cleanup Handling Local Denial of Service Vulnerability
2006-08-15
http://www.securityfocus.com/bid/15722
Linux Kernel PTraced Child Auto-Reap Local Denial of Service Vulnerability
2006-08-15
http://www.securityfocus.com/bid/15625
Linux Kernel do_coredump Denial of Service Vulnerability
2006-08-15
http://www.securityfocus.com/bid/15723
Linux Kernel DM-Crypt Local Information Disclosure Vulnerability
2006-08-14
http://www.securityfocus.com/bid/16301
Linux Kernel DVB Driver Local Buffer Overflow Vulnerability
2006-08-14
http://www.securityfocus.com/bid/16142
Linux Kernel Sysctl_String Local Buffer Overflow Vulnerability
2006-08-14
http://www.securityfocus.com/bid/16141
Linux Kernel ProcFS Kernel Memory Disclosure Vulnerability
2006-08-14
http://www.securityfocus.com/bid/16284
Linux Kernel mq_open System Call Unspecified Denial of Service Vulnerability
2006-08-14
http://www.securityfocus.com/bid/16283
Linux Kernel PRCTL Core Dump Handling Privilege Escalation Vulnerability
2006-08-14
http://www.securityfocus.com/bid/18874
Linux Kernel XT_SCTP-netfilter Remote Denial of Service Vulnerability
2006-08-14
http://www.securityfocus.com/bid/18550
Linux Kernel Netfilter Conntrack_Proto_SCTP.C Denial of Service Vulnerability
2006-08-14
http://www.securityfocus.com/bid/18755
Linux Kernel Signal_32.C Local Denial of Service Vulnerability
2006-08-14
http://www.securityfocus.com/bid/18616
Linux Kernel Intel EM64T SYSRET Local Denial of Service Vulnerability
2006-08-14
http://www.securityfocus.com/bid/17541
Linux Kernel Unspecified Socket Buffer Handling Remote Denial of Service Vulnerability
2006-08-11
http://www.securityfocus.com/bid/19475
Multiple Vendor AMD CPU Local FPU Information Disclosure Vulnerability
2006-08-11
http://www.securityfocus.com/bid/17600
Linux Kernel Multiple SCTP Remote Denial of Service Vulnerabilities
2006-08-11
http://www.securityfocus.com/bid/17955
Linux Kernel Security Key Functions Local Copy_To_User Race Vulnerability
2006-08-11
http://www.securityfocus.com/bid/17084
I'm not a Microsoft fan, but frankly, if I were Fammi I'd laugh at criticism from a computing "enthusiast" who doesn't even know English.
No offense, eh.
No offense, eh.
First of all, we're in Italy, and speaking Italian is a matter of both good manners and culture!! (Speaking English in Italy I find only a sign of ignorance; in fact I'd ban it by law.) Second, whether I know more or less about computing than you do doesn't mean, first, that I can't be right on a single topic, and second, I still have the right to give my opinion without the first super-expert who comes along mocking me. We're here to discuss, and to joke around if we like, not to play the know-it-alls who won't talk to their inferiors! And anyway I'm still laughing my head off, hee-haw! hee-haw! Good thing there's Microscotch to entertain us!!
No offense, eh.
P.S. I do know English! But I repeat, since we're in Italy... we speak as we eat....