[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Wed Nov 17 05:36:55 PST 2010
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 228 Published: Tue, 16 Nov 2010 21:52:54 GMT
New Fixlets:
============
***************************************************************
Title: Office Art Drawing Records Vulnerability
Severity: High
Fixlet ID: 1143901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11439.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3334
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."
***************************************************************
Title: Unspecified vulnerability in the Indeo (CVE-2009-4312)
Severity: High
Fixlet ID: 1157301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11573.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4312
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
***************************************************************
Title: Microsoft Internet Explorer CSS Tags Remote Code Execution Vulnerability
Severity: High
Fixlet ID: 1157401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11574.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3962
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue, as exploited in the wild in November 2010.
***************************************************************
Title: Stack-based buffer overflow in the Intel Indeo41 codec
Severity: High
Fixlet ID: 1159601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11596.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4310
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
***************************************************************
Title: Denial of service (memory corruption) in Microsoft Indeo codec
Severity: High
Fixlet ID: 1167701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11677.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4210
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
***************************************************************
Title: Drawing Exception Handling Vulnerability
Severity: High
Fixlet ID: 1173901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11739.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3335
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability."
***************************************************************
Title: Insecure Library Loading Vulnerability
Severity: High
Fixlet ID: 1192901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11929.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3337
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.
***************************************************************
Title: RTF Stack Buffer Overflow Vulnerability
Severity: High
Fixlet ID: 1193101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11931.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3333
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
***************************************************************
Title: MSO Large SPID Read AV Vulnerability
Severity: High
Fixlet ID: 1194701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11947.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3336
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."
***************************************************************
Title: Unspecified vulnerability in the Indeo (CVE-2009-4311)
Severity: High
Fixlet ID: 1197501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11975.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4311
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.
***************************************************************
Title: XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability
Severity: Medium
Fixlet ID: 1205801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12058.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2734
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability."
***************************************************************
Title: PowerPoint Integer Underflow Causes Heap Corruption Vulnerability
Severity: High
Fixlet ID: 1212201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12122.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2573
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."
***************************************************************
Title: UAG XSS Allows EOP Vulnerability
Severity: Medium
Fixlet ID: 1212701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12127.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2733
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."
***************************************************************
Title: SMTP Memory Allocation Vulnerability
Severity: Medium
Fixlet ID: 1217501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12175.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0025
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
***************************************************************
Title: Heap-based buffer overflow in the Intel Indeo41 codec
Severity: High
Fixlet ID: 1218801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12188.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4309
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
***************************************************************
Title: PowerPoint Parsing Buffer Overflow Vulnerability
Severity: High
Fixlet ID: 1219501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12195.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2572
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
***************************************************************
Title: XSS in Signurl.asp Vulnerability
Severity: Medium
Fixlet ID: 1221801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12218.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3936
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."
***************************************************************
Title: Untrusted search path vulnerability in Microsoft Office PowerPoint 2007
Severity: High
Fixlet ID: 1221901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12219.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3142
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
***************************************************************
Title: Heap corruption in the Intel Indeo41 codec
Severity: High
Fixlet ID: 1224201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12242.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4313
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
***************************************************************
Title: UAG Redirection Spoofing Vulnerability
Severity: Medium
Fixlet ID: 1225701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12257.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2732
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."
More information about the WinVulns-Announcements
mailing list