[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Thu Dec 23 05:20:11 PST 2010


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 233
Published: Wed, 22 Dec 2010 19:40:31 GMT

New Fixlets:
============

***************************************************************
Title: Vulnerability (during processing of Cascading Style Sheets (CSS) boxes) in WebKit in Apple Safari before 5.0.3 versions
Severity: High
Fixlet ID: 1130801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11308.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3819
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

***************************************************************
Title: Cross-Domain Information Disclosure Vulnerability
Severity: Medium
Fixlet ID: 1144701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11447.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3342
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3348.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 8.0.552.215 via vectors involving SVG animations
Severity: High
Fixlet ID: 1147501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11475.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4492
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations.

***************************************************************
Title: Vulnerability in JavaScript implementation in WebKit in Apple Safari before 5.0.3 versions
Severity: Medium
Fixlet ID: 1149501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11495.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3804
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171.

***************************************************************
Title: Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 versions
Severity: High
Fixlet ID: 1153801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11538.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3811
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes.

***************************************************************
Title: Size Value Heap Corruption in pubconv.dll Vulnerability
Severity: High
Fixlet ID: 1155501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11555.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2569
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."

***************************************************************
Title: Vulnerability in Google Chrome before 8.0.552.215 via a crafted web site
Severity: Medium
Fixlet ID: 1161001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11610.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4483
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 8.0.552.215 does not properly restrict read access to videos derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via a crafted web site.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 8.0.552.215 via vectors related to history handling
Severity: High
Fixlet ID: 1163001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11630.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4486
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to history handling.

***************************************************************
Title: Integer underflow vulnerability in WebKit in Apple Safari before 5.0.3 versions
Severity: High
Fixlet ID: 1167301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11673.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3805
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets.  NOTE: this may overlap CVE-2010-3254.

***************************************************************
Title: Integer overflow vulnerability in WebKit in Apple Safari before 5.0.3 versions
Severity: High
Fixlet ID: 1168901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11689.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3812
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer overflow in the wholeText method in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects.

***************************************************************
Title: Malformed Request Code Execution Vulnerability
Severity: High
Fixlet ID: 1173701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11737.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3964
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."

***************************************************************
Title: Win32k WriteAV Vulnerability
Severity: High
Fixlet ID: 1176201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11762.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3942
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."

***************************************************************
Title: Vulnerability in WebKit while processing of colors in an SVG document in Apple Safari before 5.0.3 versions
Severity: High
Fixlet ID: 1181401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11814.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3826
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

***************************************************************
Title: TIFF Image Converter Heap Overflow Vulnerability
Severity: High
Fixlet ID: 1182701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11827.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3947
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF Image Converter Heap Overflow Vulnerability."

***************************************************************
Title: HTML Element Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1184901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11849.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3345
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."

***************************************************************
Title: Vulnerability (during processing of Cascading Style Sheets (CSS) counter styles) in WebKit in Apple Safari before 5.0.3 versions
Severity: High
Fixlet ID: 1189901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11899.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3822
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

***************************************************************
Title: Double free vulnerability in Google Chrome before 8.0.552.215 via vectors related to XPath handling
Severity: High
Fixlet ID: 1191601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11916.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4494
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Double free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

***************************************************************
Title: Denial of service vulnerability in Google Chrome before 8.0.552.215 via unspecified vectors
Severity: Medium
Fixlet ID: 1191901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11919.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4489
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 8.0.552.215 does not properly handle WebM video, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.  NOTE: this vulnerability exists because of a regression.

***************************************************************
Title: Win32k Double Free Vulnerability
Severity: High
Fixlet ID: 1195901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11959.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3941
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability."

***************************************************************
Title: Netlogon RPC Null dereference DOS Vulnerability
Severity: Medium
Fixlet ID: 1196301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11963.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2742
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability."

***************************************************************
Title: PICT Image Converter Integer Overflow Vulnerability
Severity: High
Fixlet ID: 1196701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11967.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3946
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."

***************************************************************
Title: Vulnerability in WebKit while processing editable elements in Apple Safari before 5.0.3 versions
Severity: High
Fixlet ID: 1197201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11972.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3820
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

***************************************************************
Title: Denial of service vulnerability in Google Chrome before 8.0.552.215 via a crafted extension
Severity: Medium
Fixlet ID: 1199101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11991.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4491
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 8.0.552.215 does not properly restrict privileged extensions, which allows remote attackers to cause a denial of service (memory corruption) via a crafted extension.

***************************************************************
Title: Internet Connection Signup Wizard Insecure Library Loading Vulnerability
Severity: High
Fixlet ID: 1199301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11993.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3144
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."

***************************************************************
Title: Vulnerability (during processing of Cascading Style Sheets (CSS), 3D transforms) in WebKit in Apple Safari before 5.0.3 versions
Severity: High
Fixlet ID: 1200201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12002.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3817
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) 3D transforms, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

***************************************************************
Title: Exchange Server Infinite Loop Vulnerability
Severity: Medium
Fixlet ID: 1201901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12019.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3937
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."

***************************************************************
Title: Denial of service (application crash) vulnerability in Google Chrome before 8.0.552.215 via unspecified vectors
Severity: Medium
Fixlet ID: 1203701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12037.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4488
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 8.0.552.215 does not properly handle HTTP proxy authentication, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

***************************************************************
Title: Cross-Domain Information Disclosure Vulnerability
Severity: Medium
Fixlet ID: 1205501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12055.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3348
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3342.

***************************************************************
Title: Unspecified vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to bypass the pop-up blocker via unknown vectors
Severity: Medium
Fixlet ID: 1205901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12059.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4482
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to bypass the pop-up blocker via unknown vectors.

***************************************************************
Title: Vulnerability in WebKit in Apple Safari before 5.0.3 versions
Severity: Medium
Fixlet ID: 1206001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12060.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3810
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history via a cross-origin attack.

***************************************************************
Title: Denial of service vulnerability in Google Chrome before 8.0.552.215 via a crafted web site
Severity: Medium
Fixlet ID: 1206201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12062.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4485
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 8.0.552.215 does not properly restrict the generation of file dialogs, which allows remote attackers to cause a denial of service (reduced usability and possible application crash) via a crafted web site.

***************************************************************
Title: Denial of service vulnerability (during processing of inline styling) in WebKit in Apple Safari before 5.0.3 versions
Severity: High
Fixlet ID: 1207901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12079.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3809
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

***************************************************************
Title: Arbitrary code execution vulnerability in Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10
Severity: High
Fixlet ID: 1210801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12108.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3765
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 8.0.552.215
Severity: Medium
Fixlet ID: 1212901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12129.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4493
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events.

***************************************************************
Title: Integer overflow vulnerability in WebKit in Apple Safari before 5.0.3 versions
Severity: High
Fixlet ID: 1213001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12130.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3803
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string.

***************************************************************
Title: FlashPix Image Converter Heap Corruption Vulnerability
Severity: High
Fixlet ID: 1215001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12150.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3952
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted FlashPix image in an Office document, aka "FlashPix Image Converter Heap Corruption Vulnerability."

***************************************************************
Title: Denial of service attack (during processing of editing commands) in WebKit in Apple Safari before 5.0.3 versions
Severity: High
Fixlet ID: 1216001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12160.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3808
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

***************************************************************
Title: BranchCache Insecure Library Loading Vulnerability
Severity: Medium
Fixlet ID: 1216301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12163.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3966
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."

***************************************************************
Title: Win32k Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1218401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12184.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3944
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."

***************************************************************
Title: Heap Overrun in pubconv.dll Vulnerability
Severity: High
Fixlet ID: 1218701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12187.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2570
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability."

***************************************************************
Title: Win32k PFE Pointer Double Free Vulnerability
Severity: High
Fixlet ID: 1219401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12194.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3940
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."

***************************************************************
Title: HTML Object Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1220401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12204.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3340
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."

***************************************************************
Title: Vulnerability (first-letter pseudo-element in a Cascading Style Sheets (CSS) token sequence) in WebKit in Apple Safari before 5.0.3 versions
Severity: High
Fixlet ID: 1221601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12216.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3821
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the :first-letter pseudo-element in a Cascading Style Sheets (CSS) token sequence, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

***************************************************************
Title: Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 versions via vectors involving inline text boxes
Severity: High
Fixlet ID: 1223301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12233.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3818
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving inline text boxes.

***************************************************************
Title: Insecure Library Loading Vulnerability
Severity: Medium
Fixlet ID: 1223501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12235.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3965
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."

***************************************************************
Title: Denial of service (application crash) vulnerability via unspecified vectors in Google Chrome before 8.0.552.215
Severity: Medium
Fixlet ID: 1223601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12236.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4484
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 8.0.552.215 does not properly handle HTML5 databases, which allows attackers to cause a denial of service (application crash) via unspecified vectors.

***************************************************************
Title: CGM Image Converter Buffer Overrun Vulnerability
Severity: High
Fixlet ID: 1224901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12249.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3945
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."

***************************************************************
Title: Insecure Library Loading Vulnerability
Severity: Medium
Fixlet ID: 1225001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12250.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3967
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."

***************************************************************
Title: Win32k Buffer Overflow Vulnerability
Severity: High
Fixlet ID: 1225201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12252.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3939
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."

***************************************************************
Title: Use-after-free vulnerability (via vectors involving scrollbars) in WebKit in Apple Safari before 5.0.3 versions
Severity: High
Fixlet ID: 1225501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12255.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3816
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.

***************************************************************
Title: Array Indexing Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1227701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12277.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3955
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."

***************************************************************
Title: Uninitialized Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1227901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12279.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3962
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.

***************************************************************
Title: OpenType CMAP Table Vulnerability
Severity: Medium
Fixlet ID: 1228001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12280.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3959
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."

***************************************************************
Title: Denial of service vulnerability in Google Chrome before 8.0.552.215 via malformed video content that triggers an indexing error
Severity: High
Fixlet ID: 1228401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12284.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4490
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via malformed video content that triggers an indexing error.

***************************************************************
Title: TIFF Image Converter Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1228901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12289.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3950
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 does not properly convert data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image in an Office document, aka "TIFF Image Converter Memory Corruption Vulnerability."

***************************************************************
Title: Vulnerability in WebKit in Apple Safari before 5.0.3 versions
Severity: Medium
Fixlet ID: 1229301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12293.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3813
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to bypass the DNS prefetching setting via an HTML LINK element, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality.

***************************************************************
Title: Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability
Severity: High
Fixlet ID: 1229801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12298.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2571
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."

***************************************************************
Title: Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 versions via vectors involving SVG use elements
Severity: High
Fixlet ID: 1230001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12300.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3824
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving SVG use elements.

***************************************************************
Title: Task Scheduler Vulnerability
Severity: High
Fixlet ID: 1230401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12304.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3338
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.

***************************************************************
Title: Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 versions via vectors involving Geolocation objects
Severity: High
Fixlet ID: 1230601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12306.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3823
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects.  NOTE: this might overlap CVE-2010-3415.

***************************************************************
Title: Win32k Cursor Linking Vulnerability
Severity: High
Fixlet ID: 1231701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12317.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3943
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."

***************************************************************
Title: HTML Element Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1232201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12322.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3346
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."

***************************************************************
Title: Consent UI Impersonation Vulnerability
Severity: High
Fixlet ID: 1232301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12323.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3961
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."

***************************************************************
Title: OpenType Font Double Free Vulnerability
Severity: Medium
Fixlet ID: 1232901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12329.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3957
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."

***************************************************************
Title: FlashPix Image Converter Buffer Overflow Vulnerability
Severity: High
Fixlet ID: 1235001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12350.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3951
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in the FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted FlashPix image in an Office document, aka "FlashPix Image Converter Buffer Overflow Vulnerability."

***************************************************************
Title: Insecure Library Loading Vulnerability
Severity: High
Fixlet ID: 1235201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12352.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3147
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability."

***************************************************************
Title: OpenType Font Index Vulnerability
Severity: High
Fixlet ID: 1235701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12357.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3956
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."

***************************************************************
Title: Hyper-V VMBus Vulnerability
Severity: Medium
Fixlet ID: 1235901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12359.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3960
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."

***************************************************************
Title: HTML Object Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1237201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12372.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3343
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."

***************************************************************
Title: Microsoft Publisher Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1238101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12381.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3954
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."

***************************************************************
Title: TIFF Image Converter Buffer Overflow Vulnerability
Severity: High
Fixlet ID: 1238701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12387.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3949
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF Image Converter Buffer Overflow Vulnerability."


