[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Fri Dec 3 05:20:13 PST 2010

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 231	Published: Thu, 02 Dec 2010 21:12:34  GMT

New Fixlets:
============

***************************************************************
Title: Vulnerability in Google Chrome before 7.0.517.44 via a crafted SVG document
Severity: High
Fixlet ID: 1142901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11429.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4199
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document.

***************************************************************
Title: Denial of service vulnerability in Google Chrome before 7.0.517.44 via unknown vectors
Severity: High
Fixlet ID: 1153701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11537.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4205
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

***************************************************************
Title: Denial of Service vulnerability in Google Chrome before 7.0.517.44 via unknown vectors
Severity: High
Fixlet ID: 1194901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11949.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4206
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 7.0.517.44 accesses memory at an out-of-bounds array index during processing of an SVG document, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 7.0.517.44 via vectors involving text control selections
Severity: High
Fixlet ID: 1213701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12137.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4201
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections.

***************************************************************
Title: Vulnerability in libxml2 in Google Chrome before 7.0.517.44
Severity: Medium
Fixlet ID: 1214801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12148.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4008
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

***************************************************************
Title: Vulnerability in Google Chrome before 7.0.517.44 via a crafted HTML document
Severity: High
Fixlet ID: 1215701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12157.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4198
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 7.0.517.44 does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document.

***************************************************************
Title: Denial of Service vulnerability in Google Chrome before 7.0.517.44 via unknown vectors
Severity: High
Fixlet ID: 1217401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12174.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4204
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 7.0.517.44 accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

***************************************************************
Title: Vulnerability in WebM libvpx (aka the VP8 Codec SDK) in Google Chrome before 7.0.517.44
Severity: High
Fixlet ID: 1219801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12198.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4203
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid frames.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 7.0.517.44 via vectors involving text editing
Severity: High
Fixlet ID: 1226601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12266.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4197
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.