[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: VulnerabilitiestoWindowsSystems

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Tue Dec 22 05:20:16 PST 2009


Fixlet Site - VulnerabilitiestoWindowsSystems
Current Version: 194	Published: Tue, 22 Dec 2009 00:35:55  GMT

New Fixlets:
============

***************************************************************
Title: Adobe Shockwave Player before 11.5.2.602 allows Remote Code Execution Vulnerability
Severity: High
Fixlet ID: 567701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5677.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3463
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site. NOTE: some of these details are obtained from third party information.

***************************************************************
Title: Adobe Shockwave Player before 11.5.2.602 allows arbitrary Code Execution invalid pointer Vulnerability
Severity: High
Fixlet ID: 572201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5722.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3465
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability." NOTE: some of these details are obtained from third party information.

***************************************************************
Title: "SITE SET TRANSFERPROGRESS ON" FTP Command Denial of Service Vulnerability in Rhino Software Serv-U
Severity: Medium
Fixlet ID: 579801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5798.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3655
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command.

***************************************************************
Title: Apple Safari Local HTML Files Information Disclosure Vulnerability.
Severity: Medium
Fixlet ID: 591501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5915.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2842
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.

***************************************************************
Title: Wireshark Integer overflow vulnerability in wiretap/erf.c
Severity: High
Fixlet ID: 597901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5979.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3829
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."

***************************************************************
Title: Wireshark DoS Vulnerability due to the DCERPC/NT dissector
Severity: Medium
Fixlet ID: 600501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6005.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3550
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace.  NOTE: some of these details are obtained from third party information.

***************************************************************
Title: Avast! Home and Professional 'aavmKer4.sys' Memory Corruption Vulnerability
Severity: Medium
Fixlet ID: 602401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6024.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3523
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: aavmKer4.sys in Avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.

***************************************************************
Title: Wireshark Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector to cause DoS Vulnerability
Severity: Medium
Fixlet ID: 604901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6049.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3551
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace.  NOTE: some of these details are obtained from third party information.

***************************************************************
Title: Stack-based buffer overflow in the TEA decoding algorithm in Rhino Software Serv-U
Severity: High
Fixlet ID: 614201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6142.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4006
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.

***************************************************************
Title: Adobe Flash Player unspecified information disclosure
Severity: Medium
Fixlet ID: 616001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6160.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0521
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH.

***************************************************************
Title: Avast! Home and Professional 'aswMon2.sys' Stack-based Buffer Overflow Vulnerability
Severity: High
Fixlet ID: 622601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6226.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3522
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Stack-based buffer overflow in aswMon2.sys in Avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018.

***************************************************************
Title: Project Memory Validation Vulnerability
Severity: High
Fixlet ID: 629801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6298.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0102
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."

***************************************************************
Title: WebKit in Apple Safari Multiple Unspecified Vulnerabilities.
Severity: High
Fixlet ID: 636201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6362.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3384
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply.

***************************************************************
Title: Memory corruption error in Opera before 10.01 when processing malformed domain names
Severity: Medium
Fixlet ID: 638401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6384.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3832
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site.

***************************************************************
Title: Opera before 10.10 allows to obtain sensitive information and XSS attacks
Severity: Low
Fixlet ID: 638501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6385.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4071
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors.

***************************************************************
Title: Wireshark Denial of Service vulnerability caused by packet-paltalk.c in the Paltalk dissector
Severity: Medium
Fixlet ID: 639101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6391.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3549
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace.

***************************************************************
Title: Adobe Shockwave Player before 11.5.2.602 allows Remote Code Execution invalid pointer Vulnerability
Severity: High
Fixlet ID: 639401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6394.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3464
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability." NOTE: some of these details are obtained from third party information.

***************************************************************
Title: Adobe Shockwave Player before 11.5.2.602 allows Remote Code Execution invalid string length Vulnerability
Severity: High
Fixlet ID: 639501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6395.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3466
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an "invalid string length vulnerability." NOTE: some of these details are obtained from third party information.

***************************************************************
Title: Maxthon Browser Address Bar Spoofing Vulnerability
Severity: Medium
Fixlet ID: 643701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6437.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3006
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.

***************************************************************
Title: Adobe Flash Player Unspecified Remote Denial of Service Vulnerability
Severity: High
Fixlet ID: 647001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6470.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0519
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.

***************************************************************
Title: WebKit in Apple Safari Numeric Character References Remote Memory Corruption Vulnerability.
Severity: Medium
Fixlet ID: 647501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6475.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3016
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header.

***************************************************************
Title: Avast! Home and Professional 'ashWsFtr.dll' Unspecified Vulnerability
Severity: High
Fixlet ID: 650901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6509.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3524
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in ashWsFtr.dll in Avast! Home and Professional for Windows before 4.8.1356 has unknown impact and local attack vectors.

***************************************************************
Title: OPTIONS Request in WebKit in Apple Safari Cross-Site Request Forgery (CSRF) Vulnerability.
Severity: Medium
Fixlet ID: 651601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6516.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2816
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.

***************************************************************
Title: Maxthon Browser Cross-Site Scripting Vulnerability
Severity: Medium
Fixlet ID: 652401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6524.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3018
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header; does not properly block data: URIs in Location headers in HTTP responses, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (5) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (6) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header; and does not properly handle javascript: URIs in HTML links within (a) 301 and (b) 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (7) injecting a Location HTTP response header or (8) specifying the content of a Location HTTP response header.

***************************************************************
Title: Adobe Shockwave Player before 11.5.2.602 allows to cause a denial of service and possibly execute arbitrary code
Severity: High
Fixlet ID: 653001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6530.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3244
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.

***************************************************************
Title: Opera before 10.10 has unknown impact and attack vectors vulnerability
Severity: High
Fixlet ID: 654301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6543.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4072
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a moderately severe issue.

***************************************************************
Title: Memory corruption error in Opera before 10.01 when processing malformed domain names
Severity: High
Fixlet ID: 657401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6574.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3831
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name.

***************************************************************
Title: Adobe Flash Player Invalid Object Reference Remote Code Execution
Severity: High
Fixlet ID: 659301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6593.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0520
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue."

***************************************************************
Title: Adobe Flash Player Settings Manager May Let Remote Users Conduct Clickjacking Attacks
Severity: Medium
Fixlet ID: 666201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6662.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0114
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant."

***************************************************************
Title: Adobe Flash Player Mouse Pointer Display Issue May Let Remote Users Conduct Clickjacking Attacks
Severity: Medium
Fixlet ID: 667401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6674.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0522
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack."

***************************************************************
Title: AOL SuperBuddy ActiveX Control Remote Code Execution Vulnerability.
Severity: High
Fixlet ID: 670401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6704.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3658
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The AOL SuperBuddy ActiveX control version 9.5.0.1 and prior on Windows could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to visit a specially-crafted Web page that passes an argument to the insecure SetSuperBuddy() method, a remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the vulnerable system.

***************************************************************
Title: Adobe Reader and Acrobat Unspecified Code Execution Vulnerability
Severity: High
Fixlet ID: 679501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6795.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4324
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.2 and earlier has unknown impact and attack vectors, as exploited in the wild in December 2009.


