[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Wed Feb 16 05:20:08 PST 2011
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 240 Published: Wed, 16 Feb 2011 01:24:35 GMT
New Fixlets:
============
***************************************************************
Title: OpenType Font Encoded Character Vulnerability
Severity: High
Fixlet ID: 1159301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11593.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0033
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."
***************************************************************
Title: Win32k Window Class Improper Pointer Validation Vulnerability
Severity: High
Fixlet ID: 1163801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11638.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0089
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability."
***************************************************************
Title: Windows Kernel Integer Truncation Vulnerability
Severity: High
Fixlet ID: 1199601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11996.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0045
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The kernel in Microsoft Windows XP SP3 performs memory allocation before properly validating unspecified data obtained from a user, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Integer Truncation Vulnerability."
***************************************************************
Title: Win32k Improper User Input Validation Vulnerability
Severity: High
Fixlet ID: 1207001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12070.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0086
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."
***************************************************************
Title: Driver Improper Interaction with Windows Kernel Vulnerability
Severity: High
Fixlet ID: 1216201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12162.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4398
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
***************************************************************
Title: Uninitialized Memory Corruption Vulnerability (CVE-2011-0036)
Severity: High
Fixlet ID: 1226101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12261.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0036
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0035.
***************************************************************
Title: Internet Explorer Insecure Library Loading Vulnerability
Severity: High
Fixlet ID: 1227001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12270.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0038
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Untrusted search path vulnerability in Microsoft Internet Explorer 8 might allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a Desktop directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
***************************************************************
Title: Win32k Insufficient User Input Validation Vulnerability
Severity: High
Fixlet ID: 1231201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12312.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0087
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability."
***************************************************************
Title: Scripting Engines Information Disclosure Vulnerability
Severity: High
Fixlet ID: 1231301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12313.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0031
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."
***************************************************************
Title: IIS FTP Service Heap Buffer Overrun Vulnerability
Severity: High
Fixlet ID: 1237001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12370.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3972
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.
***************************************************************
Title: Uninitialized Memory Corruption Vulnerability (CVE-2011-0035)
Severity: High
Fixlet ID: 1237101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12371.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0035
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036.
***************************************************************
Title: CSS Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1238201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12382.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3971
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability."
***************************************************************
Title: Visio Attribute Validation Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1240301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12403.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0092
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly handle objects in memory during the parsing of Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Object Memory Corruption Vulnerability."
***************************************************************
Title: LSASS Length Validation Vulnerability
Severity: High
Fixlet ID: 1243201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12432.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0043
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."
***************************************************************
Title: Win32k Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1245501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12455.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0090
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
***************************************************************
Title: Visio Data Type Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1246901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12469.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0093
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
***************************************************************
Title: CSRSS Elevation of Privilege Vulnerability
Severity: Medium
Fixlet ID: 1247601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12476.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0030
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.
***************************************************************
Title: Active Directory SPN Validation Vulnerability
Severity: Medium
Fixlet ID: 1248501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12485.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0040
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."
***************************************************************
Title: Kerberos Spoofing Vulnerability
Severity: Medium
Fixlet ID: 1249801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12498.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0091
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
***************************************************************
Title: LSASS Length Validation Vulnerability
Severity: High
Fixlet ID: 1253701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12537.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0039
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
***************************************************************
Title: Win32k Window Class Pointer Confusion Vulnerability
Severity: High
Fixlet ID: 1255301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12553.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0088
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability."
More information about the WinVulns-Announcements
mailing list