[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: VulnerabilitiestoWindowsSystems

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Thu Oct 8 05:20:04 PDT 2009


Fixlet Site - VulnerabilitiestoWindowsSystems
Current Version: 188	Published: Wed, 07 Oct 2009 17:29:17  GMT

New Fixlets:
============

***************************************************************
Title: Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3 allow Visual truncation vulnerability
Severity: Medium
Fixlet ID: 541801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5418.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3078
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property.

***************************************************************
Title: Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark, which triggers an assertion failure.
Severity: Medium
Fixlet ID: 542301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5423.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3242
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure.

***************************************************************
Title: Windows Media Playback Memory Corruption Vulnerability
Severity: High
Fixlet ID: 553101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5531.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2499
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka "Windows Media Playback Memory Corruption Vulnerability."

***************************************************************
Title: Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3 allow dangling pointer vulnerability
Severity: High
Fixlet ID: 560601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5606.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3077
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability."

***************************************************************
Title: DOS vulnerability in the AFS dissector in Wireshark.
Severity: Medium
Fixlet ID: 562501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5625.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2562
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors.

***************************************************************
Title: Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2 allow multiple DOS Vulnerabilities
Severity: High
Fixlet ID: 571701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5717.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3075
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

***************************************************************
Title: Pidgin 2.6.0 and prior does not follow the require TLS/SSL preference
Severity: Medium
Fixlet ID: 575701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5757.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3026
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions.

***************************************************************
Title: Apple Safari WebKit Numeric Character References Remote Memory Corruption Vulnerability.
Severity: High
Fixlet ID: 577701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5777.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1725
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

***************************************************************
Title: DOS vulnerability in the sFlow dissector in Wireshark.
Severity: Medium
Fixlet ID: 579501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5795.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2561
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified vectors.

***************************************************************
Title: Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2 allow Denial of Service Vulnerability
Severity: High
Fixlet ID: 590501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5905.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3071
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

***************************************************************
Title: DOS vulnerability in the OpcUa (OPC UA) dissector in Wireshark.
Severity: High
Fixlet ID: 616201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6162.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3241
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.

***************************************************************
Title: Pidgin 2.6.0 and prior allow to cause a denial of service via Yahoo IM.
Severity: Medium
Fixlet ID: 616701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6167.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3025
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM.

***************************************************************
Title: Windows Media Header Parsing Invalid Free Vulnerability
Severity: High
Fixlet ID: 625701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6257.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2498
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."

***************************************************************
Title: Apple QuickTime before 7.6.4 allows Heap-based buffer overflow Vulnerability
Severity: High
Fixlet ID: 625801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6258.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2798
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.

***************************************************************
Title: DHTML Editing Component ActiveX Control Vulnerability
Severity: High
Fixlet ID: 627101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6271.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2519
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."

***************************************************************
Title: Microsoft Internet Explorer 7 printing DoS attack vulnerability
Severity: Medium
Fixlet ID: 628101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6281.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3270
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.

***************************************************************
Title: JScript Remote Code Execution Vulnerability
Severity: High
Fixlet ID: 631601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6316.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1920
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruption, aka "JScript Remote Code Execution Vulnerability."

***************************************************************
Title: Pidgin before 2.5.9 allow denial of service via SLP (aka MSNSLP) messages
Severity: High
Fixlet ID: 632001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6320.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2694
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.

***************************************************************
Title: DOS vulnerability in the Infiniband dissector in Wireshark.
Severity: High
Fixlet ID: 632101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6321.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2563
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors.

***************************************************************
Title: Pidgin before 2.6.2 allow denial of service via SLP invite message
Severity: Medium
Fixlet ID: 632201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6322.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3083
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client.

***************************************************************
Title: Pidgin before 2.6.2 allow denial of service via handwritten (aka Ink) message
Severity: Medium
Fixlet ID: 633801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6338.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3084
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect "UTF16-LE" charset name.

***************************************************************
Title: TCP/IP Zero Window Size Vulnerability
Severity: High
Fixlet ID: 634001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6340.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4609
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

***************************************************************
Title: Opera 9.52 and earlier allows to cause denial of service Vulnerability
Severity: Medium
Fixlet ID: 635001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6350.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7245
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.

***************************************************************
Title: Opera before 10.00 does not check all intermediate X.509 certificates for revocation
Severity: Medium
Fixlet ID: 635701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6357.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3046
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate.

***************************************************************
Title: Opera 'keygen' HTML Tag Denial of Service Vulnerability
Severity: Medium
Fixlet ID: 635801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6358.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3269
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1828.

***************************************************************
Title: TCP/IP Timestamps Code Execution Vulnerability
Severity: High
Fixlet ID: 637401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6374.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1925
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."

***************************************************************
Title: Wireless Frame Parsing Remote Code Execution Vulnerability
Severity: High
Fixlet ID: 638901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6389.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1132
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability."

***************************************************************
Title: Mozilla Firefox 3.5.x before 3.5.3 JavaScript engine allow denial of service Vulnerability
Severity: High
Fixlet ID: 639801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6398.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3073
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

***************************************************************
Title: Apple QuickTime before 7.6.4 allows Heap-based buffer overflow and DOS Vulnerabilities
Severity: High
Fixlet ID: 640501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6405.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2799
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file.

***************************************************************
Title: Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause DOS.
Severity: Medium
Fixlet ID: 641601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6416.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2560
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of service (crash) via unspecified vectors in the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissectors.  NOTE: the RADIUS dissector vulnerability also affects 1.0.8.

***************************************************************
Title: Pidgin before 2.6.2 allow denial of service via XHTML-IM content
Severity: Medium
Fixlet ID: 643401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6434.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3085
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images.

***************************************************************
Title: Opera before 10.00 does not properly handle a \0 character or invalid wildcard character
Severity: Medium
Fixlet ID: 644401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6444.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3044
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

***************************************************************
Title: Opera before 10.00 allow remote attacks to spoof URLs
Severity: Medium
Fixlet ID: 646001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6460.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3047
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs.


