[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilties to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Sat Oct 23 05:20:13 PDT 2010

Previous message: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 225	Published: Sat, 23 Oct 2010 00:34:23  GMT

New Fixlets:
============

***************************************************************
Title: Vulnerability in pl\php ADD-ON in PostgreSQL version less than or equal to 9.0
Severity: Medium
Fixlet ID: 664501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6645.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3781
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, a related issue to CVE-2010-3433.

***************************************************************
Title: RTSP Use After Free Vulnerability
Severity: High
Fixlet ID: 668401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6684.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3225
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the Media Player Network Sharing Service in Microsoft Windows Vista SP1 and SP2 and Windows 7 allows remote attackers to execute arbitrary code via a crafted Real Time Streaming Protocol (RTSP) packet, aka "RTSP Use After Free Vulnerability.

***************************************************************
Title: Word Pointer Vulnerability
Severity: High
Fixlet ID: 669501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6695.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3217
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Merge Cell Record Pointer Vulnerability
Severity: High
Fixlet ID: 672701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6727.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3237
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Lotus 1-2-3 Workbook Parsing Vulnerability
Severity: High
Fixlet ID: 673701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6737.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3233
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Out-of-Bounds Memory Write in Parsing Vulnerability
Severity: High
Fixlet ID: 673801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6738.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3241
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: OpenType Font Validation Vulnerability
Severity: High
Fixlet ID: 674201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6742.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2741
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Permissions on New Cluster Disks Vulnerability
Severity: High
Fixlet ID: 678901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6789.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3223
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Word Parsing Vulnerability
Severity: High
Fixlet ID: 679201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6792.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3220
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: TLSv1 Denial of Service Vulnerability
Severity: High
Fixlet ID: 680601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6806.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3229
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: .NET Framework x64 JIT Compiler Vulnerability
Severity: High
Fixlet ID: 682401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6824.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3228
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka ".NET Framework x64 JIT Compiler Vulnerability."

***************************************************************
Title: Uninitialized Memory Corruption Vulnerability (CVE-2010-3331)
Severity: High
Fixlet ID: 683201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6832.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3331
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Untrusted search path vulnerability in Microsoft Address Book (wab.exe) 6.00.2900.5512 via a Trojan horse wab32res.dll
Severity: High
Fixlet ID: 683301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6833.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3147
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in Microsoft Address Book (wab.exe) 6.00.2900.5512 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .wab, vCard (.vcf), or .p7c file.

***************************************************************
Title: Negative Future Function Vulnerability
Severity: High
Fixlet ID: 687201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6872.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3238
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Embedded OpenType Font Integer Overflow Vulnerability
Severity: High
Fixlet ID: 688101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6881.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1883
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: AutoComplete Information Disclosure Vulnerability
Severity: Low
Fixlet ID: 688901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6889.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0808
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Ghost Record Type Parsing Vulnerability
Severity: High
Fixlet ID: 690201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6902.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3242
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Cross-Domain Information Disclosure Vulnerability
Severity: Medium
Fixlet ID: 692801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6928.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3330
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Word Return Value Vulnerability
Severity: High
Fixlet ID: 697401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6974.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3215
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Word Heap Overflow Vulnerability
Severity: High
Fixlet ID: 701001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7010.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3218
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Word Index Parsing Vulnerability
Severity: High
Fixlet ID: 701901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7019.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3219
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Formula Biff Record Vulnerability
Severity: High
Fixlet ID: 702801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7028.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3235
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Word Parsing Vulnerability
Severity: High
Fixlet ID: 703201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7032.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3221
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Excel Record Parsing Integer Overflow Vulnerability
Severity: High
Fixlet ID: 704201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7042.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3230
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Uninitialized Memory Corruption Vulnerability (CVE-2010-3328)
Severity: High
Fixlet ID: 705901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7059.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3328
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Word Uninitialized Pointer Vulnerability
Severity: High
Fixlet ID: 712101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7121.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2747
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: LPC Message Buffer Overrun Vulnerability
Severity: High
Fixlet ID: 717501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7175.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3222
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Stack-based buffer overflow in mfc42.dll on Windows 2000 SP4 and XP SP2 and SP3
Severity: High
Fixlet ID: 719201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7192.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3885
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll (aka the Microsoft MFCDLL shared library) on Windows 2000 SP4 and XP SP2 and SP3 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.21 Build 4010 application

***************************************************************
Title: Real Time Data Array Record Vulnerability
Severity: High
Fixlet ID: 719601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7196.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3240
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Uninitialized Memory Corruption Vulnerability
Severity: High
Fixlet ID: 720701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7207.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3326
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Out Of Bounds Array Vulnerability
Severity: High
Fixlet ID: 720901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7209.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3236
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Untrusted search path vulnerability in Microsoft Windows Contacts via a Trojan horse wab32res.dll
Severity: High
Fixlet ID: 722401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7224.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3143
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .contact, .group, .p7c, .vcf, or .wab file.

***************************************************************
Title: OpenType Font Parsing Vulnerability
Severity: High
Fixlet ID: 725801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7258.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2740
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Comctl32 Heap Overflow Vulnerability
Severity: High
Fixlet ID: 727201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7272.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2746
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: HTML Sanitization Vulnerability
Severity: Medium
Fixlet ID: 727501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7275.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3243
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability.

***************************************************************
Title: Privilege-escalation vulnerability in PostgreSQL version less than or equal to 9.0
Severity: Medium
Fixlet ID: 729101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7291.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3433
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.

***************************************************************
Title: HTML Sanitization Vulnerability (CVE-2010-3324)
Severity: Medium
Fixlet ID: 729701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7297.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3324
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Word Stack Overflow Vulnerability
Severity: High
Fixlet ID: 732201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7322.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3214
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Vulnerability in js_InitRandom function in the JavaScript implementation in Mozilla Firefox and Seamonkey
Severity: Medium
Fixlet ID: 733901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7339.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3400
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2008-5913.

***************************************************************
Title: Vulnerability in the Math.random function in the JavaScript implementation in Mozilla Firefox
Severity: Medium
Fixlet ID: 737001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7370.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3171
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack."

***************************************************************
Title: Word Boundary Check Vulnerability
Severity: High
Fixlet ID: 737501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7375.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2748
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: CSS Special Character Information Disclosure Vulnerability
Severity: Medium
Fixlet ID: 741001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7410.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3325
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Anchor Element Information Disclosure Vulnerability
Severity: Medium
Fixlet ID: 741701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7417.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3327
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Untrusted search path vulnerability in Adobe Captivate version 5.0.0.596 via a Trojan horse dwmapi.dll
Severity: High
Fixlet ID: 747001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7470.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3191
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in Adobe Captivate 5.0.0.596, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .cptx file.

***************************************************************
Title: Excel Record Parsing Memory Corruption Vulnerability
Severity: High
Fixlet ID: 747501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7475.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3231
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Uninitialized Memory Corruption Vulnerability (CVE-2010-3329)
Severity: High
Fixlet ID: 748201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7482.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3329
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Word Bookmarks Vulnerability
Severity: High
Fixlet ID: 752901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7529.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3216
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Formula Substream Memory Corruption Vulnerability
Severity: High
Fixlet ID: 755501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7555.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3234
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Excel File Format Parsing Vulnerability
Severity: High
Fixlet ID: 757501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7575.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3232
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Word Index Vulnerability
Severity: High
Fixlet ID: 758201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7582.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2750
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Vulnerability in js_InitRandom function in the JavaScript implementation in Mozilla Firefox
Severity: Medium
Fixlet ID: 759801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7598.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3399
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171.

***************************************************************
Title: Extra Out of Boundary Record Parsing Vulnerability
Severity: High
Fixlet ID: 761601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7616.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3239
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: HTML Sanitization Vulnerability (CVE-2010-3243)
Severity: Medium
Fixlet ID: 763701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7637.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3243
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Previous message: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the WinVulns-Announcements mailing list