[BigFix-Announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Patches for Windows (English)'

autonotify at us.ibm.com autonotify at us.ibm.com
Tue Apr 29 02:01:13 PDT 2014 

Fixlet Site - 'Patches for Windows (English)'
Current Version: 1973	Published: Mon, 28 Apr 2014 14:51:53  GMT

New Fixlets:
============

***************************************************************
Title: 2963983: Vulnerability in Internet Explorer Could Allow Remote Code Execution - Enable Workaround
Severity: N/A
Fixlet ID: 296398301
Fixlet Link: http://technet.microsoft.com/en-us/security/advisory/2963983

Fixlet Description: Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. 

Important Note: Applications that render VML will no longer do so once vgx.dll has been unregistered.

***************************************************************
Title: 2963983: Vulnerability in Internet Explorer Could Allow Remote Code Execution - Disable Workaround
Severity: N/A
Fixlet ID: 296398303
Fixlet Link: http://technet.microsoft.com/en-us/security/advisory/2963983

Fixlet Description: Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. 

Important Note: Applications that render VML will no longer do so once vgx.dll has been unregistered.

More information about the BigFix-Announcements mailing list