[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Thu Sep 30 05:20:10 PDT 2010


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 221	Published: Wed, 29 Sep 2010 17:44:39 GMT

New Fixlets:
============

***************************************************************
Title: WordPad Word 97 Text Converter Memory Corruption Vulnerability
Severity: High
Fixlet ID: 663201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6632.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2563
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."

***************************************************************
Title: Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4
Severity: High
Fixlet ID: 665101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6651.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3000
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.

***************************************************************
Title: Array index error vulnerability in RealNetworks RealPlayer 11.0 through 11.1
Severity: High
Fixlet ID: 670301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6703.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2996
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Array index error in RealNetworks RealPlayer 11.0 through 11.1 on Windows allows remote attackers to execute arbitrary code via a malformed header in a RealMedia .IVR file.

***************************************************************
Title: Google Chrome SVG Style Use-after-free DoS
Severity: High
Fixlet ID: 671701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6717.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3409
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG styles.

***************************************************************
Title: Heap-based buffer overflow vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4
Severity: High
Fixlet ID: 680701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6807.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0120
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allows remote attackers to execute arbitrary code via large size values in QCP audio content.

***************************************************************
Title: Allows remote attackers to bypass the Origin Policy in Google Chrome version less than 4.1.249.1064
Severity: High
Fixlet ID: 681301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6813.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1663
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Google URL Parsing Library (aka google-url or GURL) in Google Chrome before 4.1.249.1064 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

***************************************************************
Title: Adobe Flash Player, Acrobat Reader, and Acrobat Remote Code Execution Vulnerability
Severity: High
Fixlet ID: 685201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6852.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2884
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in Adobe Flash Player 10.1.82.76 and earlier for Windows, Macintosh, Linux, Solaris; Flash Player 10.1.92.10 for Android; Reader 9.3.4 for Windows, Macintosh and UNIX; and Acrobat 9.3.4 and earlier for Windows and Macintosh allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, as exploited in the wild in September 2010.

***************************************************************
Title: Untrusted search path vulnerability in Nullsoft Winamp 5.581 and probably other versions
Severity: High
Fixlet ID: 687401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6874.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3137
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located in the same folder as a .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf or .cda file.

***************************************************************
Title: Problem in handling HTML5 media in Google Chrome version less than 4.1.249.1064
Severity: Medium
Fixlet ID: 687801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6878.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1664
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 4.1.249.1064 does not properly handle HTML5 media, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.

***************************************************************
Title: Google Chrome Nested SVG Elements Use-after-free DoS
Severity: High
Fixlet ID: 688001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6880.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3410
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG elements.

***************************************************************
Title: Untrusted search path vulnerability in uTorrent less than or equal to 2.0.3
Severity: High
Fixlet ID: 688701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6887.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3129
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse plugin_dll.dll, userenv.dll, shfolder.dll, dnsapi.dll, dwmapi.dll, iphlpapi.dll, dhcpcsvc.dll, dhcpcsvc6.dll, or rpcrtremote.dll that is located in the same folder as a .torrent or .btsearch file.

***************************************************************
Title: Request Header Buffer Overflow Vulnerability
Severity: High
Fixlet ID: 693301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6933.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2730
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

***************************************************************
Title: Google Chrome Pop-up Blocking Functionality Unspecified DoS
Severity: Medium
Fixlet ID: 693701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6937.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3413
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the pop-up blocking functionality in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service (application crash) via unknown vectors.

***************************************************************
Title: Directory Authentication Bypass Vulnerability
Severity: Medium
Fixlet ID: 694201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6942.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2731
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka "Directory Authentication Bypass Vulnerability."

***************************************************************
Title: Apple iTunes Crafted itpc: URL Buffer Overflow Vulnerability
Severity: High
Fixlet ID: 698801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6988.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1777
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL.

***************************************************************
Title: Problem in handling fonts in Google Chrome version less than 4.1.249.1064
Severity: High
Fixlet ID: 703401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7034.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1665
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 4.1.249.1064 does not properly handle fonts, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.

***************************************************************
Title: Apple iTunes JavaScriptCore Page Transitions Denial Of Service Vulnerability
Severity: High
Fixlet ID: 706101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7061.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1387
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.

***************************************************************
Title: LSASS Heap Overflow Vulnerability
Severity: High
Fixlet ID: 712001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7120.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0820
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2; Active Directory Application Mode (ADAM) in Windows XP SP2 and SP3 and Windows Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) in Windows Vista SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote authenticated users to execute arbitrary code via malformed LDAP messages, aka "LSASS Heap Overflow Vulnerability."

***************************************************************
Title: Heap Based Buffer Overflow in Outlook Vulnerability
Severity: High
Fixlet ID: 712501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7125.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2728
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."

***************************************************************
Title: IIS Repeated Parameter Request Denial of Service Vulnerability
Severity: Medium
Fixlet ID: 712701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7127.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1899
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

***************************************************************
Title: Untrusted search path vulnerability in the Indeo filter (iac25_32.ax) in Microsoft Windows
Severity: High
Fixlet ID: 713201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7132.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3138
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in the Indeo filter (iac25_32.ax) in Microsoft Windows, as used in BS.Player, Media Player Classic, and possibly other products, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse iacenc.dll that is located in the same folder as an AVI, .mka, .ra, or .ram file. NOTE: some of these details are obtained from third party information.

***************************************************************
Title: Vulnerability in RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows during YUV420 transformations
Severity: High
Fixlet ID: 716901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7169.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0117
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content.

***************************************************************
Title: RPC Memory Corruption Vulnerability
Severity: High
Fixlet ID: 717701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7177.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2567
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."

***************************************************************
Title: Apple iTunes Crafted itpc: URL Buffer Overflow Vulnerability
Severity: High
Fixlet ID: 717801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7178.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1769
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, a different vulnerability than CVE-2010-1387 and CVE-2010-1763.

***************************************************************
Title: Untrusted search path vulnerability via a Trojan horse mfc90loc.dll in avast! Free Antivirus version less than or equal to 5.0.594
Severity: High
Fixlet ID: 719301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7193.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3126
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in the same folder as an avast license (.avastlic) file.

***************************************************************
Title: Uniscribe Font Parsing Engine Memory Corruption Vulnerability
Severity: High
Fixlet ID: 721401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7214.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2738
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."

***************************************************************
Title: Apple iTunes DLL Loading Arbitrary Code Execution Vulnerability
Severity: High
Fixlet ID: 721701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7217.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1795
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.

***************************************************************
Title: Apple iTunes Webkit Unspecified Vulnerability
Severity: High
Fixlet ID: 722101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7221.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1763
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on Windows has unknown impact and attack vectors, a different vulnerability than CVE-2010-1387 and CVE-2010-1769.

***************************************************************
Title: Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors
Severity: High
Fixlet ID: 722701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7227.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3002
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors.

***************************************************************
Title: MPEG-4 Codec Vulnerability
Severity: High
Fixlet ID: 731801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7318.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0818
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability."

***************************************************************
Title: Integer overflow vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4
Severity: High
Fixlet ID: 732601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7326.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0116
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows might allow remote attackers to execute arbitrary code via a crafted QCP file that triggers a heap-based buffer overflow.

***************************************************************
Title: Google Chrome Console Implementation Race Condition Unspecified Issue
Severity: High
Fixlet ID: 735401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7354.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3412
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Race condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors.

***************************************************************
Title: Print Spooler Service Impersonation Vulnerability
Severity: High
Fixlet ID: 735801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7358.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2729
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."

***************************************************************
Title: Google Chrome Extension History Access Prompting Weakness Information Disclosure
Severity: Medium
Fixlet ID: 737101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7371.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3417
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 6.0.472.59 does not prompt the user before granting access to the extension history, which allows attackers to obtain potentially sensitive information via unspecified vectors.

***************************************************************
Title: Google Chrome Document API Parsing Use-after-free DoS
Severity: High
Fixlet ID: 746201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7462.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3408
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs during parsing.

***************************************************************
Title: Unspecified vulnerability in an ActiveX control in the Internet Explorer (IE) plugin in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4
Severity: High
Fixlet ID: 750701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7507.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3001
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in an ActiveX control in the Internet Explorer (IE) plugin in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows has unknown impact and attack vectors related to "multiple browser windows."

***************************************************************
Title: Apple Quicktime QTPlugin.ocx ActiveX IPersistPropertyBag2::Read Function _Marshaled_pUnk Memory Corruption
Severity: High
Fixlet ID: 752301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7523.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1818
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshaling of an untrusted pointer.

***************************************************************
Title: CSRSS Local Elevation of Privilege Vulnerability
Severity: Medium
Fixlet ID: 753601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7536.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1891
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."

***************************************************************
Title: Untrusted search path vulnerability in Google Earth version 5.1.3535.3218
Severity: High
Fixlet ID: 755301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7553.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3134
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in Google Earth 5.1.3535.3218 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll that is located in the same folder as a .kmz file.

***************************************************************
Title: Apple iTunes Log File Insecure File Operation Local Privilege Escalation Vulnerability
Severity: Medium
Fixlet ID: 760401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7604.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1768
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch.

***************************************************************
Title: Google Chrome Geolocation Feature Weakness Unspecified Memory Corruption
Severity: High
Fixlet ID: 762001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7620.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3415
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 6.0.472.59 does not properly implement Geolocation, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.


