[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Sat Jun 26 05:20:19 PDT 2010
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 202 Published: Fri, 25 Jun 2010 17:38:21 GMT
New Fixlets:
============
***************************************************************
Title: Excel Memory Corruption Vulnerability
Severity: High
Fixlet ID: 663001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6630.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1247
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249
***************************************************************
Title: Excel Memory Corruption Vulnerability
Severity: High
Fixlet ID: 663401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6634.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1249
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247
***************************************************************
Title: MJPEG Media Decompression Vulnerability
Severity: High
Fixlet ID: 664101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6641.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1880
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
***************************************************************
Title: toStaticHTML Information Disclosure Vulnerability
Severity: Medium
Fixlet ID: 667701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6677.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1257
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.
***************************************************************
Title: HTML Element Memory Corruption Vulnerability
Severity: High
Fixlet ID: 668601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6686.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1260
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
***************************************************************
Title: Adobe Flash Player Memory Corruption Vulnerability
Severity: High
Fixlet ID: 675801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6758.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2182
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A memory corruption vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Excel Record Stack Corruption Vulnerability
Severity: High
Fixlet ID: 676101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6761.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1251
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability
***************************************************************
Title: Adobe Flash Player Invalid Pointer Vulnerability
Severity: High
Fixlet ID: 676201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6762.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2173
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An invalid pointer vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Adobe Flash Player Use-After-Free Vulnerability
Severity: High
Fixlet ID: 676501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6765.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2164
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A use after free vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Adobe Flash Player Integer Overflow Vulnerability
Severity: High
Fixlet ID: 676601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6766.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2170
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An integer overflow vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Excel Record Memory Corruption Vulnerability
Severity: High
Fixlet ID: 676801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6768.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0824
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.
***************************************************************
Title: Excel Record Parsing Memory Corruption Vulnerability
Severity: High
Fixlet ID: 677101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6771.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0821
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Parsing Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-1245."
***************************************************************
Title: Adobe Flash Player Memory Corruption Vulnerability
Severity: High
Fixlet ID: 678101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6781.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2165
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A memory corruption vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Excel RTD Memory Corruption Vulnerability
Severity: High
Fixlet ID: 683901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6839.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1246
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel RTD Memory Corruption Vulnerability.
***************************************************************
Title: Excel ADO Object Vulnerability
Severity: High
Fixlet ID: 684201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6842.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1253
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel ADO Object Vulnerability
***************************************************************
Title: Excel Record Memory Corruption Vulnerability
Severity: High
Fixlet ID: 687701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6877.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1245
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.
***************************************************************
Title: Adobe Flash Player Memory Corruption Vulnerability
Severity: High
Fixlet ID: 690301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6903.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2175
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A memory corruption vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Apache 'mod_proxy_http' Timeout Detection Vulnerability
Severity: Medium
Fixlet ID: 693101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6931.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2068
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
***************************************************************
Title: Adobe Flash Player Memory Corruption Vulnerability
Severity: High
Fixlet ID: 694601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6946.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2188
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A memory corruption vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Win32k Window Creation Vulnerability
Severity: Medium
Fixlet ID: 694801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6948.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0485
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
***************************************************************
Title: Adobe Flash Player Memory Corruption Vulnerability
Severity: High
Fixlet ID: 699101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6991.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2189
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A memory corruption vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system. Note: This issue occurs only on VMWare systems with VMWare Tools enabled.
***************************************************************
Title: Adobe Flash Player Memory Corruption Vulnerability
Severity: High
Fixlet ID: 699901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6999.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2171
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A memory corruption vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Adobe Flash Player Memory Corruption Vulnerability
Severity: High
Fixlet ID: 701401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7014.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2180
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A memory corruption vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: OpenType CFF Font Driver Memory Corruption Vulnerability
Severity: High
Fixlet ID: 707201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7072.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0819
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
***************************************************************
Title: Adobe Flash Player Memory Corruption Vulnerability
Severity: High
Fixlet ID: 709601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7096.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2177
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A memory corruption vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Adobe Flash Player Denial of Service Vulnerability
Severity: High
Fixlet ID: 711801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7118.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2186
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A denial of service issue has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This issue could cause the application to crash.
***************************************************************
Title: Uninitialized Memory Corruption Vulnerability (CVE-2010-1261)
Severity: High
Fixlet ID: 712401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7124.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1261
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
***************************************************************
Title: Adobe Flash Player URL Parsing Vulnerability that could lead to cross-site scripting (Firefox and Chrome browsers only)
Severity: Medium
Fixlet ID: 712601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7126.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2179
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A URL parsing vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Cross-Domain Information Disclosure Vulnerability (CVE-2010-0255)
Severity: High
Fixlet ID: 714501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7145.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0255
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
***************************************************************
Title: IIS Authentication Memory Corruption Vulnerability
Severity: High
Fixlet ID: 714901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7149.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1256
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."
***************************************************************
Title: XML Signature HMAC Truncation Authentication Bypass Vulnerability
Severity: Medium
Fixlet ID: 715801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7158.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0217
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
***************************************************************
Title: Adobe Flash Player Heap Corruption Vulnerability
Severity: High
Fixlet ID: 716601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7166.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2162
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A heap corruption vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Adobe Flash Player SWF Version Null Pointer Dereference Denial of Service Vulnerability
Severity: Medium
Fixlet ID: 718701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7187.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4546
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A denial of service issue has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This issue could cause the application to crash.
***************************************************************
Title: Adobe Flash Player Memory Exhaustion Vulnerability
Severity: High
Fixlet ID: 720501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7205.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3793
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A memory exhaustion vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Excel HFPicture Memory Corruption Vulnerability
Severity: High
Fixlet ID: 722301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7223.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1248
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel HFPicture Memory Corruption Vulnerability
***************************************************************
Title: Excel Memory Corruption Vulnerability
Severity: High
Fixlet ID: 724001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7240.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0823
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-1247 and CVE-2010-1249.
***************************************************************
Title: Sharepoint Help Page Denial of Service Vulnerability
Severity: Medium
Fixlet ID: 724101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7241.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1264
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 SP1 and SP2 allows remote attackers to cause a denial of service (hang) via crafted requests to the Help page that cause repeated restarts of the application pool, aka "Sharepoint Help Page Denial of Service Vulnerability."
***************************************************************
Title: Excel Object Stack Overflow Vulnerability
Severity: High
Fixlet ID: 726501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7265.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0822
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Object Stack Overflow Vulnerability.
***************************************************************
Title: Adobe Flash Player Memory Corruption Vulnerability
Severity: High
Fixlet ID: 726601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7266.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2187
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A memory corruption vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Adobe Flash Player Pointer Memory Corruption
Severity: High
Fixlet ID: 727601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7276.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2169
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A pointer memory corruption vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Adobe Flash Player Integer Overflow Vulnerability
Severity: High
Fixlet ID: 727801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7278.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2183
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An integer overflow vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Win32k TrueType Font Parsing Vulnerability
Severity: Medium
Fixlet ID: 728301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7283.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1255
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."
***************************************************************
Title: COM Validation Vulnerability
Severity: High
Fixlet ID: 728601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7286.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1263
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Office file, related to COM object instantiation, aka "COM Validation Vulnerability
***************************************************************
Title: Adobe Flash Player Out Of Bounds Memory Indexing Vulnerability
Severity: High
Fixlet ID: 730301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7303.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2161
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An indexing vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Uninitialized Memory Corruption Vulnerability (CVE-2010-1259)
Severity: High
Fixlet ID: 732401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7324.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1259
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
***************************************************************
Title: Adobe Flash Player Memory Corruption Vulnerability
Severity: High
Fixlet ID: 733401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7334.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2184
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A memory corruption vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Adobe Flash Player Integer Overflow Vulnerability
Severity: High
Fixlet ID: 734201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7342.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2181
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An integer overflow vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Adobe Flash Player Memory Corruption Vulnerability
Severity: High
Fixlet ID: 736401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7364.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2178
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A memory corruption vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Excel String Variable Vulnerability
Severity: High
Fixlet ID: 736901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7369.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1252
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability
***************************************************************
Title: Memory Corruption Vulnerability (CVE-2010-1262)
Severity: High
Fixlet ID: 740601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7406.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1262
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Memory Corruption Vulnerability."
***************************************************************
Title: Adobe Flash Player Memory Corruption Vulnerability
Severity: High
Fixlet ID: 741501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7415.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2176
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A memory corruption vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Adobe Flash Player Memory Corruption Vulnerability
Severity: High
Fixlet ID: 743101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7431.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2166
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A memory corruption vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Help.aspx XSS Vulnerability
Severity: Medium
Fixlet ID: 746801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7468.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0817
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
***************************************************************
Title: Adobe Flash Player Multiple Heap Overflow Vulnerabilities
Severity: High
Fixlet ID: 749101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7491.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2167
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Multiple heap vulnerabilities have been identified in Adobe Flash Player version 10.0.45.2 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Microsoft Internet Explorer 8 Developer Tools Vulnerability
Severity: High
Fixlet ID: 749201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7492.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0811
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 and R2, and Windows 7 allows remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state."
***************************************************************
Title: Adobe Flash Player Multiple Vulnerabilities that could lead to code execution
Severity: High
Fixlet ID: 750101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7501.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2163
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Multiple vulnerabilities have been identified in Adobe Flash Player version 10.0.45.2 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Adobe Flash Player Memory Exhaustion Vulnerability
Severity: High
Fixlet ID: 750801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7508.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2160
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A memory corruption vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Media Decompression Vulnerability
Severity: High
Fixlet ID: 751701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7517.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1879
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "Media Decompression Vulnerability."
***************************************************************
Title: Adobe Flash Player Invalid Pointer Vulnerability
Severity: High
Fixlet ID: 752801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7528.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2174
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An invalid pointer vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Adobe Flash Player Buffer Overflow Vulnerability
Severity: High
Fixlet ID: 757701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7577.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2185
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A buffer overflow vulnerability has been identified in Adobe Flash Player version 10.0.45.2 and earlier. This vulnerability could cause the application to crash and could potentially allow an attacker to take control of the affected system.
***************************************************************
Title: Excel EDG Memory Corruption Vulnerability
Severity: High
Fixlet ID: 759301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7593.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1250
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel EDG Memory Corruption Vulnerability
***************************************************************
Title: Win32k Improper Data Validation Vulnerability
Severity: Medium
Fixlet ID: 760901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7609.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0484
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via unknown vectors, aka "Win32k Improper Data Validation Vulnerability."
More information about the WinVulns-Announcements
mailing list