[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Fri Apr 22 05:20:08 PDT 2011
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 252 Published: Thu, 21 Apr 2011 18:53:31 GMT
New Fixlets:
============
***************************************************************
Title: Excel Record Parsing WriteAV Vulnerability
Severity: High
Fixlet ID: 1167601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11676.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0101
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Record Parsing WriteAV Vulnerability."
***************************************************************
Title: Win32k Use After Free Vulnerability (CVE-2011-0674)
Severity: High
Fixlet ID: 1170801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11708.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0674
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
***************************************************************
Title: Win32k Use After Free Vulnerability (CVE-2011-1239)
Severity: High
Fixlet ID: 1172601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11726.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1239
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
***************************************************************
Title: Persist Directory RCE Vulnerability
Severity: High
Fixlet ID: 1176101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11761.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0656
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate PersistDirectoryEntry records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document containing an invalid record, aka "Persist Directory RCE Vulnerability."
***************************************************************
Title: Excel Buffer Overwrite Vulnerability
Severity: High
Fixlet ID: 1176701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11767.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0104
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Buffer Overwrite Vulnerability."
***************************************************************
Title: Win32k Null Pointer De-reference Vulnerability (CVE-2011-1233)
Severity: High
Fixlet ID: 1181201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11812.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1233
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
***************************************************************
Title: GDI+ Integer Overflow Vulnerability
Severity: High
Fixlet ID: 1185401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11854.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0041
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."
***************************************************************
Title: OpenType Font Stack Overflow Vulnerability
Severity: High
Fixlet ID: 1186001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11860.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0034
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
***************************************************************
Title: MSHTML Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1188201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11882.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0346
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability."
***************************************************************
Title: DNS Query Vulnerability
Severity: High
Fixlet ID: 1190201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11902.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0657
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
***************************************************************
Title: Frame Tag Information Disclosure Vulnerability
Severity: Medium
Fixlet ID: 1192601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11926.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1244
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability."
***************************************************************
Title: Win32k Use After Free Vulnerability (CVE-2011-0671)
Severity: High
Fixlet ID: 1194201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11942.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0671
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
***************************************************************
Title: OfficeArt Atom RCE Vulnerability
Severity: High
Fixlet ID: 1197801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11978.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0976
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 do not properly handle Office Art containers that have invalid records, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PowerPoint document with a container that triggers certain access to an uninitialized object, aka "OfficeArt Atom RCE Vulnerability."
***************************************************************
Title: SMB Client Response Parsing Vulnerability
Severity: High
Fixlet ID: 1199501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11995.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0660
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."
***************************************************************
Title: Win32k Null Pointer De-reference Vulnerability (CVE-2011-1225)
Severity: High
Fixlet ID: 1201401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12014.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1225
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
***************************************************************
Title: Win32k Null Pointer De-reference Vulnerability (CVE-2011-1228)
Severity: High
Fixlet ID: 1201701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12017.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1228
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
***************************************************************
Title: Excel Dangling Pointer Vulnerability
Severity: High
Fixlet ID: 1201801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12018.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0980
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
***************************************************************
Title: Excel Heap Overflow Vulnerability
Severity: High
Fixlet ID: 1203401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12034.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0098
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via crafted record information in an Excel file, aka "Excel Heap Overflow Vulnerability."
***************************************************************
Title: Win32k Null Pointer De-reference Vulnerability (CVE-2011-1231)
Severity: High
Fixlet ID: 1203601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12036.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1231
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
***************************************************************
Title: SMB Transaction Parsing Vulnerability
Severity: High
Fixlet ID: 1207601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12076.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0661
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."
***************************************************************
Title: Win32k Null Pointer De-reference Vulnerability (CVE-2011-1230)
Severity: High
Fixlet ID: 1216401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12164.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1230
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
***************************************************************
Title: Win32k Use After Free Vulnerability (CVE-2011-0672)
Severity: High
Fixlet ID: 1216701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12167.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0672
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
***************************************************************
Title: Win32k Use After Free Vulnerability (CVE-2011-0675)
Severity: High
Fixlet ID: 1218301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12183.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0675
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
***************************************************************
Title: Win32k Use After Free Vulnerability (CVE-2011-1234)
Severity: High
Fixlet ID: 1222101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12221.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1234
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
***************************************************************
Title: Object Management Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1222801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12228.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1345
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
***************************************************************
Title: WordPad Converter Parsing Vulnerability
Severity: High
Fixlet ID: 1230101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12301.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0028
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."
***************************************************************
Title: Win32k Use After Free Vulnerability (CVE-2011-1235)
Severity: High
Fixlet ID: 1230201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12302.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1235
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
***************************************************************
Title: Win32k Use After Free Vulnerability (CVE-2011-0670)
Severity: High
Fixlet ID: 1233701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12337.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0670
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
***************************************************************
Title: Microsoft Office Graphic Object Dereferencing Vulnerability
Severity: High
Fixlet ID: 1233901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12339.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0977
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
***************************************************************
Title: Win32k Use After Free Vulnerability (CVE-2011-0667)
Severity: High
Fixlet ID: 1234001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12340.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0667
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
***************************************************************
Title: Win32k Use After Free Vulnerability (CVE-2011-0666)
Severity: High
Fixlet ID: 1234701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12347.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0666
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
***************************************************************
Title: Javascript Information Disclosure Vulnerability
Severity: Medium
Fixlet ID: 1238501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12385.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1245
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a (1) different domain or (2) different zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Javascript Information Disclosure Vulnerability."
***************************************************************
Title: Fax Cover Page Editor Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1239001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12390.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3974
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."
***************************************************************
Title: Win32k Null Pointer De-reference Vulnerability (CVE-2011-1232)
Severity: High
Fixlet ID: 1239201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12392.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1232
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
***************************************************************
Title: .NET Framework Stack Corruption Vulnerability
Severity: High
Fixlet ID: 1240601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12406.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3958
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
***************************************************************
Title: Win32k Null Pointer De-reference Vulnerability (CVE-2011-0676)
Severity: High
Fixlet ID: 1241601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12416.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0676
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
***************************************************************
Title: Win32k Use After Free Vulnerability (CVE-2011-1238)
Severity: High
Fixlet ID: 1241701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12417.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1238
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
***************************************************************
Title: Excel Array Indexing Vulnerability
Severity: High
Fixlet ID: 1243901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12439.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0978
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via vectors related to an axis properties record, and improper incrementing of an array index, aka "Excel Array Indexing Vulnerability."
***************************************************************
Title: MFC Insecure Library Loading Vulnerability
Severity: High
Fixlet ID: 1245701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12457.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3190
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; and Visual C++ 2005 SP1, 2008 SP1, and 2010 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability."
***************************************************************
Title: Layouts Handling Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1246301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12463.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0094
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layouts Handling Memory Corruption Vulnerability."
***************************************************************
Title: Win32k Use After Free Vulnerability (CVE-2011-1237)
Severity: High
Fixlet ID: 1246701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12467.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1237
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
***************************************************************
Title: Win32k Null Pointer De-reference Vulnerability (CVE-2011-0676)
Severity: High
Fixlet ID: 1247401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12474.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0676
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
***************************************************************
Title: Microsoft WMITools ActiveX Control Vulnerability
Severity: High
Fixlet ID: 1247501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12475.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3973
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted argument to the AddContextRef method, possibly an untrusted pointer dereference, aka "Microsoft WMITools ActiveX Control Vulnerability."
***************************************************************
Title: Win32k Use After Free Vulnerability (CVE-2011-1236)
Severity: High
Fixlet ID: 1247801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12478.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1236
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
***************************************************************
Title: Win32k Null Pointer De-reference Vulnerability (CVE-2011-1229)
Severity: High
Fixlet ID: 1250301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12503.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1229
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
***************************************************************
Title: Microsoft Windows Messenger ActiveX Control Vulnerability
Severity: High
Fixlet ID: 1252401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12524.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1243
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows Messenger ActiveX control in msgsc.dll in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via unspecified vectors that "corrupt the system state," aka "Microsoft Windows Messenger ActiveX Control Vulnerability."
***************************************************************
Title: Win32k Use After Free Vulnerability (CVE-2011-1242)
Severity: High
Fixlet ID: 1252501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12525.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1242
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
***************************************************************
Title: Win32k Use After Free Vulnerability (CVE-2011-0665)
Severity: High
Fixlet ID: 1252601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12526.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0665
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
***************************************************************
Title: Microsoft Internet Explorer 8 Developer Tools Vulnerability
Severity: High
Fixlet ID: 1253401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12534.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0811
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
***************************************************************
Title: Win32k Use After Free Vulnerability (CVE-2011-1241)
Severity: High
Fixlet ID: 1254001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12540.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1241
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
***************************************************************
Title: Win32k Use After Free Vulnerability (CVE-2011-0662)
Severity: High
Fixlet ID: 1254301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12543.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0662
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
***************************************************************
Title: Win32k Null Pointer De-reference Vulnerability (CVE-2011-0673)
Severity: High
Fixlet ID: 1254601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12546.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0673
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k Null Pointer De-reference Vulnerability."
***************************************************************
Title: Win32k Use After Free Vulnerability (CVE-2011-1240)
Severity: High
Fixlet ID: 1254701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12547.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1240
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
***************************************************************
Title: Excel Linked List Corruption Vulnerability
Severity: High
Fixlet ID: 1259501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12595.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0979
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; and Excel Viewer SP2 do not properly handle errors during the parsing of Office Art records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a malformed object record, related to a "stray reference," aka "Excel Linked List Corruption Vulnerability."
***************************************************************
Title: Excel Integer Overrun Vulnerability
Severity: High
Fixlet ID: 1261201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12612.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0097
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Integer overflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via crafted record information in an Excel file, aka "Excel Integer Overrun Vulnerability."
***************************************************************
Title: Win32k Null Pointer De-reference Vulnerability (CVE-2011-1226)
Severity: High
Fixlet ID: 1261301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12613.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1226
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
***************************************************************
Title: Excel Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1261601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12616.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0103
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability."
***************************************************************
Title: Excel Data Initialization Vulnerability
Severity: High
Fixlet ID: 1261801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12618.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0105
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
***************************************************************
Title: Floating Point Techno-color Time Bandit RCE Vulnerability
Severity: High
Fixlet ID: 1262401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12624.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0655
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft PowerPoint 2007 SP2 and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate TimeColorBehaviorContainer Floating Point records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document containing an invalid record, aka "Floating Point Techno-color Time Bandit RCE Vulnerability."
***************************************************************
Title: Browser Pool Corruption Vulnerability
Severity: High
Fixlet ID: 1263701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12637.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0654
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
***************************************************************
Title: Win32k Null Pointer De-reference Vulnerability (CVE-2011-0677)
Severity: High
Fixlet ID: 1265301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12653.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0677
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
***************************************************************
Title: Office Component Insecure Library Loading Vulnerability
Severity: High
Fixlet ID: 1265501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12655.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0107
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."
***************************************************************
Title: Scripting Memory Reallocation Vulnerability
Severity: High
Fixlet ID: 1267301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12673.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0663
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka "Scripting Memory Reallocation Vulnerability."
***************************************************************
Title: Win32k Null Pointer De-reference Vulnerability (CVE-2011-1227)
Severity: High
Fixlet ID: 1268101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12681.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1227
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
More information about the WinVulns-Announcements
mailing list