[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Fri Oct 8 05:20:10 PDT 2010
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 222 Published: Thu, 07 Oct 2010 17:59:06 GMT
New Fixlets:
============
***************************************************************
Title: Untrusted search path vulnerability via a Trojan horse dwmapi.dll in TechSmith SnagIt version from 8.2.1 to 10.0.0(build 788)
Severity: High
Fixlet ID: 666801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6668.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3130
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Untrusted search path vulnerability in TechSmith SnagIt 10 (Build 788) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a snag, snagcc, or snagprof file.
***************************************************************
Title: Untrusted search path vulnerability in Microsoft Windows Internet Communication Settings on Windows XP SP3 and Windows XP SP2
Severity: High
Fixlet ID: 674301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6743.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3140
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Untrusted search path vulnerability in Microsoft Windows Internet Communication Settings on Windows XP SP3 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as an ISP file
***************************************************************
Title: Untrusted search path vulnerability via a Trojan horse dwmapi.dll in TeamViewer version less than or equal to 5.0.8703
Severity: High
Fixlet ID: 677301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6773.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3128
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .tvs or .tvc file.
***************************************************************
Title: Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5
Severity: High
Fixlet ID: 677801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6778.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3127
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the same folder as a PSD or other file that is processed by PhotoShop. NOTE: some of these details are obtained from third party information.
***************************************************************
Title: Vulnerability in WebKit used in Google Chrome version less than 6.0.472.59 via vectors related to SVG styles
Severity: High
Fixlet ID: 715101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7151.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1824
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG styles.
***************************************************************
Title: Vulnerability in WebKit used in Google Chrome version less than 6.0.472.59 via vectors related to nested SVG elements
Severity: High
Fixlet ID: 720201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7202.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1825
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG elements.
***************************************************************
Title: Vulnerability in WebKit used in Google Chrome version less than 6.0.472.59 via vectors related to SVG font,aka rdar problem 8442098
Severity: High
Fixlet ID: 740501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7405.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1823
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098.
More information about the WinVulns-Announcements
mailing list