[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Wed Apr 18 05:20:31 PDT 2012
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 296 Published: Tue, 17 Apr 2012 20:24:23 GMT
New Fixlets:
============
***************************************************************
Title: Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0724.
Severity: High
Fixlet ID: 1462801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14628.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0725
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0724.
***************************************************************
Title: DEPRECATED: Vulnerability in dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5
Severity: Medium
Fixlet ID: 1464201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14642.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0041
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file.
***************************************************************
Title: Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a crafted TrueType font.
Severity: High
Fixlet ID: 1486001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14860.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0774
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a crafted TrueType font.
***************************************************************
Title: ANSI A dissector vulnerability in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6
Severity: Low
Fixlet ID: 1499101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14991.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1593
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet.
***************************************************************
Title: DEPRECATED: String conversion vulnerability in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5
Severity: Low
Fixlet ID: 1506101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15061.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0042
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c.
***************************************************************
Title: Long packet handling vulnerability in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5
Severity: Medium
Fixlet ID: 1511101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15111.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0066
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file.
***************************************************************
Title: Vulnerability in wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5
Severity: Medium
Fixlet ID: 1519201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15192.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0067
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file.
***************************************************************
Title: MP2T dissector vulnerability in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6
Severity: Medium
Fixlet ID: 1519401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15194.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1596
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a packet containing an invalid pointer value that triggers an incorrect memory-allocation attempt.
***************************************************************
Title: IEEE 802.11 dissector vulnerability in Wireshark 1.6.x before 1.6.6
Severity: Low
Fixlet ID: 1524401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15244.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1594
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
***************************************************************
Title: DEPRECATED: Long packet handling vulnerability in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5
Severity: Medium
Fixlet ID: 1525201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15252.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0066
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file.
***************************************************************
Title: The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors.
Severity: High
Fixlet ID: 1527001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15270.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0776
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors.
***************************************************************
Title: Vulnerability in dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5
Severity: Medium
Fixlet ID: 1529701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15297.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0041
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file.
***************************************************************
Title: DEPRECATED: Vulnerability in lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5
Severity: Medium
Fixlet ID: 1531901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15319.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0068
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell catpure file containing a record that is too small.
***************************************************************
Title: RLC dissector vulnerability in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5
Severity: Medium
Fixlet ID: 1532401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15324.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0043
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a series of fragmented RLC packets.
***************************************************************
Title: DEPRECATED: ANSI A dissector vulnerability in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6
Severity: Low
Fixlet ID: 1534001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15340.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1593
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet.
***************************************************************
Title: DEPRECATED: Vulnerability in pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6
Severity: Medium
Fixlet ID: 1535601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15356.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1595
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file containing an Extension or Multi-Channel header with an invalid pseudoheader size, related to the pcap and pcap-ng file parsers.
***************************************************************
Title: DEPRECATED: RLC dissector vulnerability in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5
Severity: Medium
Fixlet ID: 1535701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15357.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0043
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a series of fragmented RLC packets.
***************************************************************
Title: String conversion vulnerability in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5
Severity: Low
Fixlet ID: 1536801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15368.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0042
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c.
***************************************************************
Title: Vulnerability in lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5
Severity: Medium
Fixlet ID: 1537901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15379.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0068
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell catpure file containing a record that is too small.
***************************************************************
Title: DEPRECATED: MP2T dissector vulnerability in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6
Severity: Medium
Fixlet ID: 1540301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15403.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1596
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a packet containing an invalid pointer value that triggers an incorrect memory-allocation attempt.
***************************************************************
Title: The JavaScript implementation in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Severity: High
Fixlet ID: 1547701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15477.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0775
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The JavaScript implementation in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
***************************************************************
Title: DEPRECATED: Vulnerability in wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5
Severity: Medium
Fixlet ID: 1548901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15489.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0067
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file.
***************************************************************
Title: DEPRECATED: IEEE 802.11 dissector vulnerability in Wireshark 1.6.x before 1.6.6
Severity: Low
Fixlet ID: 1549101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15491.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1594
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
***************************************************************
Title: Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0725.
Severity: High
Fixlet ID: 1553301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15533.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0724
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0725.
***************************************************************
Title: Vulnerability in pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6
Severity: Medium
Fixlet ID: 1554801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15548.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1595
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file containing an Extension or Multi-Channel header with an invalid pseudoheader size, related to the pcap and pcap-ng file parsers.
More information about the WinVulns-Announcements
mailing list