[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Wed Mar 23 04:20:08 PST 2011


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 246	Published: Tue, 22 Mar 2011 18:15:29 GMT

New Fixlets:
============

***************************************************************
Title: Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 8.0.7600.16385
Severity: High
Fixlet ID: 1183801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11838.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0346
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 8.0.7600.16385 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, involving circular memory references.

***************************************************************
Title: Multiple integer overflow vulnerabilities in the in_midi plugin in Winamp before 5.6
Severity: High
Fixlet ID: 1184101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11841.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4370
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted MIDI file that triggers a buffer overflow.

***************************************************************
Title: Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and other versions
Severity: High
Fixlet ID: 1203501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12035.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3132
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver.

***************************************************************
Title: Untrusted search path vulnerability in Adobe Flash Player 9 and earlier versions.
Severity: High
Fixlet ID: 1221201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12212.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3975
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in Adobe Flash Player 9 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as a file that is processed by Flash.

***************************************************************
Title: DVR-MS Vulnerability
Severity: High
Fixlet ID: 1228101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12281.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0042
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."

***************************************************************
Title: Buffer overflow vulnerability in the in_mod plugin in Winamp before 5.6
Severity: High
Fixlet ID: 1230901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12309.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4371
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box.

***************************************************************
Title: Denial of service vulnerability in in_mkv plugin in Winamp before 5.6
Severity: Medium
Fixlet ID: 1233201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12332.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4374
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The in_mkv plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via a Matroska Video (MKV) file containing a string with a crafted length.

***************************************************************
Title: Security bypass vulnerability in OpenSSH version 5.6 or lower
Severity: High
Fixlet ID: 1233801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12338.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4478
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.

***************************************************************
Title: Integer overflow vulnerability in the in_nsv plugin in Winamp before 5.6
Severity: High
Fixlet ID: 1235801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12358.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4372
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to improper allocation of memory for NSV metadata, a different vulnerability than CVE-2010-2586.

***************************************************************
Title: Denial of service vulnerability in in_mp4 plugin in Winamp before 5.6
Severity: Medium
Fixlet ID: 1242501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12425.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4373
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or (2) albumart in an invalid MP4 file.

***************************************************************
Title: Remote Desktop Insecure Library Loading Vulnerability
Severity: High
Fixlet ID: 1248001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12480.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0029
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Library Loading Vulnerability."

***************************************************************
Title: DirectShow Insecure Library Loading Vulnerability
Severity: High
Fixlet ID: 1250601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12506.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0032
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."

***************************************************************
Title: Denial of service vulnerability in the DOM implementation in Microsoft Internet Explorer 9.0.7930.16406 and earlier versions
Severity: High
Fixlet ID: 1251401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12514.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0347
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz.

***************************************************************
Title: Apple iTunes Webkit Vulnerability, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service
Severity: High
Fixlet ID: 1251901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12519.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0152
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

***************************************************************
Title: Unspecified vulnerability in Oracle VM VirtualBox 4.0
Severity: Medium
Fixlet ID: 1257601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12576.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4414
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Extensions.

***************************************************************
Title: Multiple integer overflow vulnerabilities in the in_nsv plugin in Winamp before 5.6
Severity: High
Fixlet ID: 1258701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12587.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2586
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1) NSV stream or (2) NSV file that triggers a heap-based buffer overflow.

***************************************************************
Title: Microsoft Groove Insecure Library Loading Vulnerability
Severity: High
Fixlet ID: 1263201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12632.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3146
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."


