[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Thu Jun 23 05:20:19 PDT 2011


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 262	Published: Wed, 22 Jun 2011 18:08:10 GMT

New Fixlets:
============

***************************************************************
Title: DFS Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1175801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11758.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1868
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: .NET Framework Array Offset Vulnerability
Severity: High
Fixlet ID: 1200701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12007.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0664
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Excel Insufficient Record Validation Vulnerability
Severity: High
Fixlet ID: 1213901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12139.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1272
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Time Element Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1222701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12227.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1255
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Excel Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1229101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12291.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1277
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Layout Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1230801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12308.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1260
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: DOM Manipulation Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1232601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12326.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1251
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: OLE Automation Underflow Vulnerability
Severity: High
Fixlet ID: 1233501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12335.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0658
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Excel Improper Record Parsing Vulnerability
Severity: High
Fixlet ID: 1235401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12354.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1273
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Drag and Drop Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1236801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12368.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1254
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Excel Out of Bounds WriteAV Vulnerability
Severity: High
Fixlet ID: 1237301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12373.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1279
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: HTTP Redirect Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1240501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12405.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1262
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Excel Buffer Overrun Vulnerability
Severity: High
Fixlet ID: 1245101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12451.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1276
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: MIME Sniffing Information Disclosure Vulnerability
Severity: Medium
Fixlet ID: 1246401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12464.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1246
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: MHTML Mime-Formatted Request Vulnerability
Severity: Medium
Fixlet ID: 1249401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12494.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1894
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Drag and Drop Information Disclosure Vulnerability
Severity: Medium
Fixlet ID: 1249501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12495.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1258
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Excel Out of Bounds Array Access Vulnerability
Severity: High
Fixlet ID: 1253801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12538.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1274
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: toStaticHTML Information Disclosure Vulnerability
Severity: Medium
Fixlet ID: 1257701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12577.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1252
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: VML Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1259301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12593.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1266
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: DFS Referral Response Vulnerability
Severity: High
Fixlet ID: 1264001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12640.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1869
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: TMG Firewall Client Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1264201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12642.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1889
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: VMBus Persistent DoS Vulnerability
Severity: Medium
Fixlet ID: 1265001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12650.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1872
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: SMB Transaction Parsing Vulnerability
Severity: High
Fixlet ID: 1265401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12654.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0661
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: XML External Entities Resolution Vulnerability
Severity: Medium
Fixlet ID: 1266401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12664.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1280
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability."

***************************************************************
Title: .NET Framework JIT Optimization Vulnerability
Severity: Medium
Fixlet ID: 1268601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12686.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1271
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The JIT compiler in Microsoft .NET Framework before 4 beta 2, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a crafted application, as demonstrated by a C# application on the x86 platform.

***************************************************************
Title: Excel WriteAV Vulnerability
Severity: High
Fixlet ID: 1268701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12687.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1278
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Link Properties Handling Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1270801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12708.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1250
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: DOM Modification Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1271601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12716.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1256
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Win32k OTF Validation Vulnerability
Severity: High
Fixlet ID: 1272501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12725.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1873
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Ancillary Function Driver Elevation of Privilege Vulnerability
Severity: High
Fixlet ID: 1273101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12731.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1249
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Excel Memory Heap Overwrite Vulnerability
Severity: High
Fixlet ID: 1273601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12736.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1275
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: SMB Response Parsing Vulnerability
Severity: High
Fixlet ID: 1274601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12746.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1268
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Active Directory Certificate Services Vulnerability
Severity: Medium
Fixlet ID: 1274901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12749.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1264
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."

***************************************************************
Title: Selection Object Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1275501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12755.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1261
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.


