[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Fri Jan 21 05:20:08 PST 2011


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 235	Published: Thu, 20 Jan 2011 18:47:08  GMT

New Fixlets:
============

***************************************************************
Title: Remote Code Execution Vulnerability in Microsoft Graphics Rendering Engine
Severity: High
Fixlet ID: 1167101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11671.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3970
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Microsoft Graphics Rendering Engine in Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao.

***************************************************************
Title: Cross-site Scripting in HTTP Error Page
Severity: High
Fixlet ID: 1200801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12008.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0148
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.

***************************************************************
Title: Buffer Overrun in HTTP Header handling
Severity: High
Fixlet ID: 1212401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12124.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0150
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.

***************************************************************
Title: Backup Manager Insecure Library Loading Vulnerability
Severity: High
Fixlet ID: 1227301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12273.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3145
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in the BitLocker Drive Encryption API, as used in sdclt.exe in Backup Manager in Microsoft Windows Vista SP1 and SP2, allows local users to gain privileges via a Trojan horse fveapi.dll file in the current working directory, as demonstrated by a directory that contains a Windows Backup Catalog (.wbcat) file, aka "Backup Manager Insecure Library Loading Vulnerability."

***************************************************************
Title: Microsoft-discovered variant of Chunked Encoding buffer overrun
Severity: High
Fixlet ID: 1230701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12307.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0147
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun."

***************************************************************
Title: Access violation in URL error handling
Severity: Medium
Fixlet ID: 1231501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12315.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0072
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.

***************************************************************
Title: DSN Overflow Vulnerability
Severity: High
Fixlet ID: 1233301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12333.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0026
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."

***************************************************************
Title: Cross-site Scripting in Redirect Response message
Severity: High
Fixlet ID: 1234601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12346.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0075
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect ("302 Object Moved") message.

***************************************************************
Title: Cross-site Scripting in IIS Help File search facility
Severity: High
Fixlet ID: 1235601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12356.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0074
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.

***************************************************************
Title: Buffer Overrun in ASP Server-Side Include Function
Severity: High
Fixlet ID: 1240701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12407.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0149
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.

***************************************************************
Title: ADO Record Memory Vulnerability
Severity: High
Fixlet ID: 1241101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12411.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0027
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability."  NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.

***************************************************************
Title: Buffer overrun in HTR ISAPI extension
Severity: High
Fixlet ID: 1241301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12413.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0071
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.

***************************************************************
Title: Kernel NDProxy Buffer Overflow Vulnerability
Severity: High
Fixlet ID: 1246101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12461.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3963
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."

***************************************************************
Title: Denial of service via FTP status request
Severity: Medium
Fixlet ID: 1249001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12490.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0073
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.

***************************************************************
Title: Buffer overrun in Chunked Encoding mechanism
Severity: High
Fixlet ID: 1250101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12501.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0079
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.


