[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Fri Aug 6 05:20:09 PDT 2010
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 210 Published: Thu, 05 Aug 2010 20:30:46 GMT
New Fixlets:
============
***************************************************************
Title: use-after-free vulnerability in WebKit in Apple Safari before 5.0.1
Severity: High
Fixlet ID: 1096401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval10964.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1780
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus
***************************************************************
Title: Information Disclosure in Opera before 10.50 due to failure to restrict third-party domains from accessing certain widget properties.
Severity: Medium
Fixlet ID: 1109601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11096.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2659
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site.
***************************************************************
Title: The AutoFill feature in Apple Safari before 5.0.1
Severity: Low
Fixlet ID: 1111201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11112.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1796
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The AutoFill feature in Apple Safari before 5.0.1 allows remote attackers to obtain sensitiveAddress Book Card information via JavaScript code that forces keystroke events for input fields.
***************************************************************
Title: Popup blocker bypass in Opera before 10.60 via a javascript: URL and a "fake click."
Severity: Medium
Fixlet ID: 1115701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11157.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2662
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Opera before 10.60 allows remote attackers to bypass the popup blocker via a javascript: URL and a "fake click."via a javascript: URL and a "fake click."
***************************************************************
Title: Denial of service in Opera before 10.60 via an ended event handler that changes the SRC attribute of an AUDIO element.
Severity: Medium
Fixlet ID: 1117001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11170.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2663
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via an ended event handler that changes the SRC attribute of an AUDIO element.
***************************************************************
Title: Multiple unspecified vulnerabilities in Opera before 10.64
Severity: High
Fixlet ID: 1135201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11352.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2421
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Multiple unspecified vulnerabilities in Opera before 10.54 have unknown impact and attack vectors related to (1) "extremely severe," (2) "highly severe," (3) "moderately severe," and (4) "less severe" issues.
***************************************************************
Title: Cross-Site Scripting in Opera before 10.54 related to incorrect detection of the "opening site."
Severity: Medium
Fixlet ID: 1136201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11362.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2665
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site."
***************************************************************
Title: Wireshark Dissector LWRES Multiple Buffer Overflow Vulnerabilities
Severity: Low
Fixlet ID: 1148801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11488.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2285
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.
***************************************************************
Title: Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 related to JavaScript string object.
Severity: High
Fixlet ID: 1152401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11524.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1789
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object.
***************************************************************
Title: Information Disclosure in Opera before 10.54 due to failure to restrict certain uses of homograph characters in domain names.
Severity: Medium
Fixlet ID: 1160301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11603.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2660
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homograph characters in domain names, which makes it easier for remote attackers to spoof IDN domains via unspecified choices of characters.
***************************************************************
Title: Wireshark Dissector LWRES Multiple Buffer Overflow Vulnerabilities
Severity: Low
Fixlet ID: 1160801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11608.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2283
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.
***************************************************************
Title: Denial of service in Opera 9.52 via JavaScript code containing an infinite loops.
Severity: Medium
Fixlet ID: 1162201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11622.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2121
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Opera 9.52 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs.
***************************************************************
Title: Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1
Severity: Medium
Fixlet ID: 1163901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11639.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1778
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an RSS feed.
***************************************************************
Title: Denial of service in Opera before 10.60 due to failure to handle unclosed SPAN elements with absolute positioning.
Severity: Medium
Fixlet ID: 1164001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11640.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2664
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via certain HTML content that has an unclosed SPAN element with absolute positioning.
***************************************************************
Title: Denial of service in Opera 9.52 due to failure to restrict the execution of mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL.
Severity: Medium
Fixlet ID: 1166401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11664.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1989
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images, a related issue to CVE-2010-0181.
***************************************************************
Title: Information Disclosure in Opera before 10.54 due to failure to restrict access to the full pathname of a file selected for upload.
Severity: Medium
Fixlet ID: 1166901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11669.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2661
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations.
***************************************************************
Title: The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1
Severity: High
Fixlet ID: 1176601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11766.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1784
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
***************************************************************
Title: WebKit in Apple Safari before 5.0.1 related to reentrancy issue.
Severity: High
Fixlet ID: 1177701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11777.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1790
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: WebKit in Apple Safari before 5.0.1, does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to a "reentrancy issue."
***************************************************************
Title: Wireshark Dissector LWRES Multiple Buffer Overflow Vulnerabilities
Severity: Low
Fixlet ID: 1179201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11792.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2286
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
***************************************************************
Title: Integer signedness error in WebKit in Apple Safari before 5.0.1 related to vectors involving a JavaScript array index.
Severity: High
Fixlet ID: 1180201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11802.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1791
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Integer signedness error in WebKit in Apple Safari before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.
***************************************************************
Title: WebKit in Apple Safari before 5.0.1 Denial of Servece vulnerability
Severity: High
Fixlet ID: 1182001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11820.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1783
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: WebKit in Apple Safari before 5.0.1,does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
***************************************************************
Title: Wireshark Dissector LWRES Multiple Buffer Overflow Vulnerabilities
Severity: High
Fixlet ID: 1183601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11836.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2287
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.
***************************************************************
Title: Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 related to foreignObject element in an SVG document.
Severity: High
Fixlet ID: 1183701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11837.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1786
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject element in an SVG document.
***************************************************************
Title: Remote code execution in Opera before 10.60 due to failure to prevent certain double-click operations from running a program located on a web site.
Severity: High
Fixlet ID: 1185601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11856.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2657
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a web site, which allows user-assisted remote attackers to execute arbitrary code via a crafted web page that bypasses a dialog.
***************************************************************
Title: Arbitrary file upload in Opera before 10.60 due to failure to restrict certain interaction between plug-ins, file inputs, and the clipboard.
Severity: Medium
Fixlet ID: 1186201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11862.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2658
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Opera before 10.60 does not properly restrict certain interaction between plug-ins, file inputs, and the clipboard, which allows user-assisted remote attackers to trigger the uploading of arbitrary files via a crafted web site.
***************************************************************
Title: WebKit in Apple Safari before 5.0.1 related to a floating element in an SVG document.
Severity: High
Fixlet ID: 1187701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11877.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1787
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: WebKit in Apple Safari before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document.
***************************************************************
Title: Wireshark Dissector LWRES Multiple Buffer Overflow Vulnerabilities
Severity: High
Fixlet ID: 1188801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11888.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2284
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.
***************************************************************
Title: WebKit in Apple Safari before 5.0.1 related to crafted regular expression.
Severity: High
Fixlet ID: 1189801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11898.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1792
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: WebKit in Apple Safari before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression.
***************************************************************
Title: Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 related to font-face or use element in an SVG document.
Severity: High
Fixlet ID: 1192301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11923.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1793
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document.
***************************************************************
Title: Denial of service in Opera before 10.53 due to failure to handle a series of document modifications that occur asynchronously.
Severity: High
Fixlet ID: 1192701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11927.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1728
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes marquee sequences in an infinite loop, leading to attempted use of uninitialized memory.
***************************************************************
Title: WebKit in Apple Safari before 5.0.1 denial of service vulnerability related to the rendering of an inline element
Severity: High
Fixlet ID: 1193501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11935.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1782
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection.
***************************************************************
Title: WebKit in Apple Safari before 5.0.1 memory accesses vulnerability
Severity: High
Fixlet ID: 1194101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11941.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1785
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.
***************************************************************
Title: Remote code execution in Opera before 10.54 due to failure to enforce permission requirements for widget filesystem access and directory selection
Severity: High
Fixlet ID: 1195001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11950.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2666
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and directory selection, which allows user-assisted remote attackers to create or modify arbitrary files, and consequently execute arbitrary code, via widget File I/O operations.
***************************************************************
Title: Denial of service in Opera 9.52 due to failure to handle an IFRAME element with a mailto: URL in its SRC attribute.
Severity: Medium
Fixlet ID: 1195201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11952.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1993
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements.
***************************************************************
Title: Mozilla Firefox Plugin Parameter Reference Remote Code Execution Vulnerability
Severity: High
Fixlet ID: 1196101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11961.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2755
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214.
***************************************************************
Title: WebKit in Apple Safari before 5.0.1 related to a use element in an SVG document.
Severity: High
Fixlet ID: 1196201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11962.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1788
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: WebKit in Apple Safari before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a use element in an SVG document.
More information about the WinVulns-Announcements
mailing list