[Winvulns-announcements] WinVulns-Announcements Digest, Vol 22, Issue 1

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Fri Nov 5 05:00:08 PST 2010




----- Original Message -----
From: winvulns-announcements-request
Sent: 11/05/2010 04:26 AM PST
To: winvulns-announcements at bigmail.bigfix.com
Subject: WinVulns-Announcements Digest, Vol 22, Issue 1




Today's Topics:

   1. BES Auto Notification: New Fixlets Published in Fixlet Site:
      'Vulnerabilities to Windows Systems'
      (Notification of New Vulnerabilities to Windows Systems Fixlet Messages)


----------------------------------------------------------------------

Message: 1
Date: Fri, 5 Nov 2010 05:20:10 -0700
From: Notification of New Vulnerabilities to Windows Systems Fixlet
	Messages <winvulns-announcements at bigmail.bigfix.com>
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets
	Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
To: winvulns-announcements at bigmail.bigfix.com
Message-ID:
	<55840fd5-1650-4bb5-9c32-fcbb848b434d at ECXHTCAS01.bigfix.com>
Content-Type: text/plain; charset="us-ascii"

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 226	Published: Thu, 04 Nov 2010 17:19:55  GMT

New Fixlets:
============

***************************************************************
Title: Buffer overflow vulnerability in kavfm.sys in Kingsoft Antivirus 2010.7.30.201 and earlier
Severity: High
Fixlet ID: 665001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6650.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3396
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004.  NOTE: some of these details are obtained from third party information.

***************************************************************
Title: Windows Media Player Memory Corruption Vulnerability
Severity: High
Fixlet ID: 665301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6653.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2745
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability."

***************************************************************
Title: Denial of service vulnerability in Google Chrome before 7.0.517.41
Severity: High
Fixlet ID: 665401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6654.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4042
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements."

***************************************************************
Title: Windows MFC Document Title Updating Buffer Overflow Vulnerability
Severity: High
Fixlet ID: 669601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6696.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3227
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."

***************************************************************
Title: Adobe Reader and Acrobat Prefix Protocol Handler Code Execution Vulnerability.
Severity: High
Fixlet ID: 677201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6772.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3625
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability."

***************************************************************
Title: Google Chrome before 7.0.517.41 does not properly handle forms
Severity: High
Fixlet ID: 677501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6775.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4034
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 7.0.517.41 does not properly handle forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.

***************************************************************
Title: Unspecified vulnerability in Google Chrome before 7.0.517.41 allows remote attackers to bypass the pop-up blocker via unknown vectors
Severity: Medium
Fixlet ID: 679001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6790.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4037
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in Google Chrome before 7.0.517.41 allows remote attackers to bypass the pop-up blocker via unknown vectors.

***************************************************************
Title: Adobe Reader and Acrobat Denial of Service Vulnerability.
Severity: Medium
Fixlet ID: 679101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6791.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3657
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3656.

***************************************************************
Title: Adobe Reader and Acrobat Denial of Service Vulnerability.
Severity: High
Fixlet ID: 683001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6830.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2890
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.

***************************************************************
Title: Untrusted search path vulnerability in BlackBerry Desktop Software version less than 6.0.0.47
Severity: High
Fixlet ID: 684301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6843.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2600
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in BlackBerry Desktop Software before 6.0.0.47 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Blackberry.

***************************************************************
Title: Google Chrome before 7.0.517.41 does not properly perform autofill operations for forms
Severity: High
Fixlet ID: 686701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6867.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4035
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 7.0.517.41 does not properly perform autofill operations for forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.

***************************************************************
Title: Untrusted search path vulnerability in Adobe Flash Player version less than or equal to 10.2.161.23
Severity: High
Fixlet ID: 692601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6926.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3976
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in Adobe Flash Player 10.1.82.76, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash.

***************************************************************
Title: Adobe Reader and Acrobat Code Execution via crafted image Vulnerability.
Severity: High
Fixlet ID: 700701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7007.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3629
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3620.

***************************************************************
Title: Adobe Reader and Acrobat Font Parsing Code Execution Vulnerability.
Severity: High
Fixlet ID: 700901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7009.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2889
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-3626.

***************************************************************
Title: Adobe Reader and Acrobat Memory Corruption Code Execution Vulnerability.
Severity: High
Fixlet ID: 705701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7057.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3632
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3658.

***************************************************************
Title: Untrusted search path vulnerability in Microsoft Visio 2003
Severity: High
Fixlet ID: 712201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7122.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3148
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in Microsoft Visio 2003 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc71enu.dll that is located in the same folder as a .vtx file.

***************************************************************
Title: Adobe Reader and Acrobat Memory Corruption Code Execution Vulnerability.
Severity: High
Fixlet ID: 713801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7138.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3622
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.

***************************************************************
Title: Google Chrome before 7.0.517.41 does not properly implement the autofill and autocomplete functionality
Severity: Medium
Fixlet ID: 715901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7159.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4033
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 7.0.517.41 does not properly implement the autofill and autocomplete functionality, which allows remote attackers to conduct "profile spamming" attacks via unspecified vectors.

***************************************************************
Title: Adobe Reader and Acrobat Memory Corruption Code Execution Vulnerability.
Severity: High
Fixlet ID: 722501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7225.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3658
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3632.

***************************************************************
Title: Adobe Reader and Acrobat ActiveX Multiple Input Validation Code Execution Vulnerabilities.
Severity: High
Fixlet ID: 734801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7348.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2888
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple unspecified vulnerabilities in an ActiveX control in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Windows allow attackers to execute arbitrary code via unknown vectors.

***************************************************************
Title: Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability.
Severity: High
Fixlet ID: 735601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7356.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3627
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via unknown vectors.

***************************************************************
Title: Vulnerability in offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software
Severity: Medium
Fixlet ID: 736001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7360.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3741
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack.

***************************************************************
Title: Adobe Reader and Acrobat Font Parsing Code Execution Vulnerability.
Severity: High
Fixlet ID: 738201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7382.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3626
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-2889.

***************************************************************
Title: Memory Corruption via unspecified vectors vulnerability in Adobe Reader and Acrobat.
Severity: High
Fixlet ID: 738501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7385.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3619
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.

***************************************************************
Title: Adobe Reader and Acrobat Memory Corruption Code Execution Vulnerability.
Severity: High
Fixlet ID: 738601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7386.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3621
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.

***************************************************************
Title: Adobe Reader and Acrobat Denial of Service and Arbitrary Code Execution Vulnerability.
Severity: High
Fixlet ID: 739301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7393.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3630
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.

***************************************************************
Title: Adobe Reader and Acrobat Arbitrary Code Execution and Denial of Service Vulnerability.
Severity: High
Fixlet ID: 745501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7455.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3628
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3632, and CVE-2010-3658.

***************************************************************
Title: Adobe Reader and Acrobat Denial of Service Vulnerability.
Severity: Medium
Fixlet ID: 748401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7484.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3656
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3657.

***************************************************************
Title: Adobe Reader and Acrobat Image Parsing Code Execution Vulnerability.
Severity: High
Fixlet ID: 758901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7589.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3620
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3629.

***************************************************************
Title: Google Chrome before 7.0.517.41 does not properly handle the unloading of a page, which allows remote attackers to spoof URLs via unspecified vectors.
Severity: Medium
Fixlet ID: 762701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7627.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4036
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 7.0.517.41 does not properly handle the unloading of a page, which allows remote attackers to spoof URLs via unspecified vectors.

***************************************************************
Title: Google Chrome before 7.0.517.41 does not properly handle animated GIF images
Severity: High
Fixlet ID: 764601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7646.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4040
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image.

***************************************************************
Title: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9
Severity: High
Fixlet ID: 1151701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11517.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3174
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

***************************************************************
Title: Pointer leakage vulnerability in Internet Explorer
Severity: Medium
Fixlet ID: 1160601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11606.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3886
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application.

***************************************************************
Title: Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
Severity: High
Fixlet ID: 1167501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11675.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3179
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method.

***************************************************************
Title: Memory corruption vulnerability in Opera version less than 10.63.3516.0
Severity: Medium
Fixlet ID: 1169901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11699.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4050
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Opera before 10.63 allows remote attackers to cause a denial of service (memory corruption) by referencing an SVG document in an IMG element.

***************************************************************
Title: Vulnerability in the LookupGetterOrSetter function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
Severity: High
Fixlet ID: 1189101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11891.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3183
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The LookupGetterOrSetter function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via a crafted HTML document.

***************************************************************
Title: Information disclosure vulnerability in Opera version less than 10.63.3516.0 using a video stream as HTML5 canvas content
Severity: Medium
Fixlet ID: 1193701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11937.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4046
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Opera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive information by using a video stream as HTML5 canvas content.

***************************************************************
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5
Severity: High
Fixlet ID: 1194301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11943.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3175
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

***************************************************************
Title: User-assisted remote web servers to cause a denial of service in Opera version less than 10.63.3516.0
Severity: Medium
Fixlet ID: 1205401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12054.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4048
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Opera before 10.63 allows user-assisted remote web servers to cause a denial of service (application crash) by sending a redirect during the saving of a file.

***************************************************************
Title: Cross-site scripting (XSS) and URL spoofing vulnerability in Opera version less than 10.63.3516.0
Severity: High
Fixlet ID: 1207101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12071.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4045
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary code by leveraging the ability of a script to interact with a web page from (1) a different domain or (2) a different security context.

***************************************************************
Title: Win32k Window Class Vulnerability
Severity: High
Fixlet ID: 1208501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12085.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2744
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Vulnerability."

***************************************************************
Title: Cross-site scripting (XSS) attacks via a crafted web site in Opera version less than 10.63.3516.0
Severity: Medium
Fixlet ID: 1211501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12115.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4047
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Opera before 10.63 does not properly select the security context of JavaScript code associated with an error page, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.

***************************************************************
Title: Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
Severity: Medium
Fixlet ID: 1211601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12116.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3181
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory.

***************************************************************
Title: Vulnerability in SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
Severity: High
Fixlet ID: 1211801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12118.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3173
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

***************************************************************
Title: Vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 via crafted HTML document
Severity: Medium
Fixlet ID: 1212001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12120.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3178
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document.

***************************************************************
Title: Denial of service in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
Severity: High
Fixlet ID: 1213201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12132.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3176
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

***************************************************************
Title: URL spoofing vulnerability in Opera version less than 10.63.3516.0
Severity: Medium
Fixlet ID: 1213501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12135.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4044
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Opera before 10.63 does not ensure that the portion of a URL shown in the Address Bar contains the beginning of the URL, which allows remote attackers to spoof URLs by changing a window's size.

***************************************************************
Title: Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
Severity: High
Fixlet ID: 1215801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12158.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3180
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window.

***************************************************************
Title: Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9
Severity: Medium
Fixlet ID: 1220201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12202.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3177
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server.

***************************************************************
Title: Information disclosure vulnerability in Opera version less than 10.63.3516.0 via a crafted cross-origin document
Severity: Medium
Fixlet ID: 1220801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12208.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4043
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS token sequence, which allows remote attackers to obtain sensitive information via a crafted document.

***************************************************************
Title: Untrusted search path vulnerability in Microsoft Windows Progman Group Converter
Severity: High
Fixlet ID: 1220901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12209.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3139
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in Microsoft Windows Progman Group Converter (grpconv.exe) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse imm.dll that is located in the same folder as a .grp file.

***************************************************************
Title: Win32k Reference Count Vulnerability
Severity: High
Fixlet ID: 1221501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12215.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2549
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."

***************************************************************
Title: SSL Server X.509 Certificate Spoofing Vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
Severity: Medium
Fixlet ID: 1225401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12254.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3170
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

***************************************************************
Title: Denial of service (application crash) vulnerability in Opera version less than 10.63.3516.0
Severity: Medium
Fixlet ID: 1226301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12263.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4049
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Opera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Flash movie with a transparent Window Mode (aka wmode) property, which is not properly handled during navigation away from the containing HTML document.


------------------------------

_______________________________________________
WinVulns-Announcements mailing list
WinVulns-Announcements at bigmail.bigfix.com
http://bigmail.bigfix.com/mailman/listinfo/winvulns-announcements


End of WinVulns-Announcements Digest, Vol 22, Issue 1
*****************************************************

