[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Thu Dec 9 05:20:11 PST 2010


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 232	Published: Wed, 08 Dec 2010 21:48:00 GMT

New Fixlets:
============

***************************************************************
Title: Denial of service (memory corruption) via a Director movie with a crafted rcsL chunk in the Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615
Severity: High
Fixlet ID: 1128501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11285.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3653
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.

***************************************************************
Title: Segmentation fault vulnerability in Adobe Flash Media Server (FMS) version 3.0.x less than 3.0.7, 3.5.x less than 3.5.5, and 4.0.x less than 4.0.1
Severity: High
Fixlet ID: 1133301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11333.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3635
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to execute arbitrary code via unspecified vectors, related to a "segmentation fault vulnerability."

***************************************************************
Title: Unspecified vulnerability in the edge process in Adobe Flash Media Server (FMS) version 3.0.x less than 3.0.7, 3.5.x less than 3.5.5, and 4.0.x less than 4.0.1
Severity: Medium
Fixlet ID: 1193801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11938.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3634
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the edge process in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to cause a denial of service via unknown vectors.

***************************************************************
Title: Memory leak in Adobe Flash Media Server (FMS) version 3.0.x less than 3.0.7, 3.5.x less than 3.5.5, and 4.0.x less than 4.0.1
Severity: Medium
Fixlet ID: 1195501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11955.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3633
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Memory leak in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to cause a denial of service (memory consumption) via unspecified vectors.

***************************************************************
Title: Multiple heap-based buffer overflow vulnerabilities in vp6.w5s (aka the VP6 codec) in Winamp versions earlier than 5.59 Beta build 3033
Severity: High
Fixlet ID: 1205601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12056.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1523
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream.


