[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Fri May 6 05:20:11 PDT 2011


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 256	Published: Thu, 05 May 2011 18:33:33 GMT

New Fixlets:
============

***************************************************************
Title: Denial of service vulnerability in EScript.api plugin in Adobe Acrobat and Adobe Reader 9.4.0, 8.1.7 and other versions using a crafted PDF document
Severity: High
Fixlet ID: 1252701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12527.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4091
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.

***************************************************************
Title: Fax Cover Page Use After Free Vulnerability
Severity: High
Fixlet ID: 1268901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval12689.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4701
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.


