[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilities to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Sat Sep 11 05:20:11 PDT 2010
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 218 Published: Fri, 10 Sep 2010 17:13:10 GMT
New Fixlets:
============
***************************************************************
Title: Denial of service in Google Chrome 1.0.154.48 via an HTML document with many IFRAME elements.
Severity: Medium
Fixlet ID: 1136301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11363.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1992
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Google Chrome 1.0.154.48 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.
***************************************************************
Title: Cross-site data leakage issue in Google Chrome version less than or equal to 4.1.249.1064
Severity: Medium
Fixlet ID: 1175701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11757.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1851
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Google Chrome, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site data leakage" issue.
***************************************************************
Title: Adobe Shockwave Player Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1192401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11924.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2874
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
***************************************************************
Title: Denial of service in Google Chrome 1.0.154.48 via JavaScript code containing an infinite loop
Severity: Medium
Fixlet ID: 1196601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11966.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2120
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Google Chrome 1.0.154.48 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs.