[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Wed Apr 11 05:20:28 PDT 2012
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 294 Published: Tue, 10 Apr 2012 17:47:59 GMT
New Fixlets:
============
***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 via vectors related to the handling of SVG resources
Severity: High
Fixlet ID: 1457601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14576.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3073
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG resources.
***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 via vectors related to style-application commands
Severity: High
Fixlet ID: 1514101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15141.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3075
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style-application commands.
***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 via vectors related to focus handling
Severity: High
Fixlet ID: 1517201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15172.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3076
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling.
***************************************************************
Title: An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cause a
Severity: High
Fixlet ID: 1526601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15266.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0772
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors.
***************************************************************
Title: Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 via vectors related to run-in boxes
Severity: High
Fixlet ID: 1528501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15285.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3068
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes.
***************************************************************
Title: Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 via vectors related to line boxes
Severity: High
Fixlet ID: 1531001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15310.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3069
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes.
***************************************************************
Title: Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151
Severity: High
Fixlet ID: 1531701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15317.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3071
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
***************************************************************
Title: Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements
Severity: Medium
Fixlet ID: 1534201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15342.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3067
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.
***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 via vectors involving the script bindings, related to a "read-after-free" issue
Severity: High
Fixlet ID: 1534301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15343.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3077
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the script bindings, related to a "read-after-free" issue.
***************************************************************
Title: The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and
Severity: High
Fixlet ID: 1539101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15391.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0773
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
***************************************************************
Title: Skia, as used in Google Chrome before 18.0.1025.151, does not properly perform clipping
Severity: Medium
Fixlet ID: 1545301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15453.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3066
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Skia, as used in Google Chrome before 18.0.1025.151, does not properly perform clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
***************************************************************
Title: Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows
Severity: Medium
Fixlet ID: 1548001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15480.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3072
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows.
***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 via vectors related to the handling of media
Severity: High
Fixlet ID: 1551301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15513.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3074
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media.
***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 via vectors related to the Google V8 bindings
Severity: High
Fixlet ID: 1552101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15521.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3070
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Google V8 bindings.
More information about the WinVulns-Announcements
mailing list