[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilties to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Wed Aug 1 05:23:08 PDT 2012 

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 313	Published: Tue, 31 Jul 2012 20:10:23  GMT

New Fixlets:
============

***************************************************************
Title: Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235
Severity: High
Fixlet ID: 1533501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15335.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4045
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file.

***************************************************************
Title: Vulnerability in the PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1
Severity: Low
Fixlet ID: 1554701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15547.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4048
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump.

***************************************************************
Title: Vulnerability in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1
Severity: Low
Fixlet ID: 1570701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15707.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4049
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet.

More information about the WinVulns-Announcements mailing list