[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Sat Oct 16 05:20:13 PDT 2010


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 224	Published: Fri, 15 Oct 2010 18:10:28 GMT

New Fixlets:
============

***************************************************************
Title: Google Chrome WebKit Variable Casting Weakness Malformed SVG Document Handling Unspecified Issue
Severity: High
Fixlet ID: 669101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6691.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1822
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to have an unknown impact via a malformed SVG document.

***************************************************************
Title: Google Chrome Document Origin Properties Pollution Unspecified Issue
Severity: High
Fixlet ID: 731301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7313.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3730
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 6.0.472.62 does not properly use information about the origin of a document to manage properties, which allows remote attackers to have an unspecified impact via a crafted web site, related to a "property pollution" issue.

***************************************************************
Title: Untrusted search path vulnerability in ATL MFC Trace Tool as used in Microsoft Visual Studio 2010
Severity: High
Fixlet ID: 737801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7378.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3190
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in ATL MFC Trace Tool (AtlTraceTool8.exe), as used in Microsoft Visual Studio, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a TRC, cur, rs, rct, or res file.

***************************************************************
Title: Google Chrome SPDY Protocol Implementation Buffer Management Weakness Arbitrary Code Execution
Severity: High
Fixlet ID: 738001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7380.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3729
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors.

***************************************************************
Title: Vulnerability in extSetOwner function in UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010
Severity: High
Fixlet ID: 763301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7633.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3189
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer.
