[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Fri Jul 15 05:20:15 PDT 2011
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 265 Published: Thu, 14 Jul 2011 20:09:37 GMT
New Fixlets:
============
***************************************************************
Title: Microsoft Internet Explorer PDF Printing Information Disclosure
Severity: Medium
Fixlet ID: 1235501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12355.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4073
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page.
***************************************************************
Title: Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure Vulnerability
Severity: Medium
Fixlet ID: 1244101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12441.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1794
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks.
***************************************************************
Title: Microsoft Internet Explorer cross-site scripting (XSS) vulnearability
Severity: Medium
Fixlet ID: 1263801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12638.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1489
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074.
***************************************************************
Title: Microsoft Internet Explorer 'findText()' Unicode Parsing Denial of Service Vulnerability
Severity: Medium
Fixlet ID: 1270001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12700.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2655
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1.
***************************************************************
Title: Microsoft Internet Explorer 6 through 8 spoofing vulnerability
Severity: Medium
Fixlet ID: 1281701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12817.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3003
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.
***************************************************************
Title: Microsoft Internet Explorer 'AddFavorite' Method Denial of Service Vulnerability
Severity: Medium
Fixlet ID: 1282901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12829.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2433
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.
More information about the WinVulns-Announcements
mailing list