[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Fri Mar 25 04:20:09 PST 2011


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 247	Published: Thu, 24 Mar 2011 18:11:22 GMT

New Fixlets:
============

***************************************************************
Title: Clickjacking vulnerability in Opera before 11.01
Severity: Medium
Fixlet ID: 1164101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11641.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0683
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Opera before 11.01 does not properly restrict the use of opera: URLs, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

***************************************************************
Title: Unspecified vulnerability in Opera before 11.01 via unknown content on a web page
Severity: Medium
Fixlet ID: 1187801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11878.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0686
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in Opera before 11.01 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by vkontakte.ru.

***************************************************************
Title: Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4
Severity: Medium
Fixlet ID: 1193901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11939.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4698
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.

***************************************************************
Title: CSS bypass vulnerability in Opera before 11.01
Severity: Medium
Fixlet ID: 1204501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12045.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0681
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Cascading Style Sheets (CSS) Extensions for XML implementation in Opera before 11.01 recognizes links to javascript: URLs in the -o-link property, which makes it easier for remote attackers to bypass CSS filtering via a crafted URL.

***************************************************************
Title: Information disclosure vulnerability in Opera before 11.01
Severity: Medium
Fixlet ID: 1229601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12296.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0684
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Opera before 11.01 does not properly handle redirections and unspecified other HTTP responses, which allows remote web servers to obtain sufficient access to local files to use these files as page resources, and consequently obtain potentially sensitive information from the contents of the files, via an unknown response manipulation.

***************************************************************
Title: Security vulnerability in download manager in Opera before 11.01
Severity: High
Fixlet ID: 1236901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12369.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0450
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of the filesystem-viewing application, which allows user-assisted remote attackers to execute arbitrary code via a crafted web site that hosts an executable file.

***************************************************************
Title: Vulnerability in the iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4
Severity: Medium
Fixlet ID: 1239301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12393.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4699
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set.

***************************************************************
Title: Denial of service vulnerability in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 in IMAP extension
Severity: Medium
Fixlet ID: 1248901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12489.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4150
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.

***************************************************************
Title: Information disclosure vulnerability in Delete Private Data feature in Opera before 11.01
Severity: Low
Fixlet ID: 1250701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12507.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0685
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Delete Private Data feature in Opera before 11.01 does not properly implement the "Clear all email account passwords" option, which might allow physically proximate attackers to access an e-mail account via an unattended workstation.

***************************************************************
Title: Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4
Severity: Medium
Fixlet ID: 1252801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12528.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4697
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference.

***************************************************************
Title: Denial of service vulnerability in Opera before 11.01 via a crafted WAP document
Severity: Medium
Fixlet ID: 1256301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12563.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0687
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted WAP document.

***************************************************************
Title: NULL byte injection vulnerability in PHP before 5.3.4
Severity: Medium
Fixlet ID: 1256901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12569.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-7243
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.

***************************************************************
Title: SQL Injection vulnerability in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used
Severity: Medium
Fixlet ID: 1262001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12620.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4700
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.

***************************************************************
Title: Denial of service vulnerability in Opera before 11.01
Severity: High
Fixlet ID: 1263601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12636.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0682
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer truncation error in opera.dll in Opera before 11.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML form with a select element that contains a large number of children.


