[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Tue Dec 4 05:21:21 PST 2012


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 323	Published: Tue, 04 Dec 2012 00:31:10 GMT

New Fixlets:
============

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 23.0.1271.64 via vectors related to the handling of SVG filters
Severity: High
Fixlet ID: 1499401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14994.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5116
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG filters.

***************************************************************
Title: Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, does not properly perform write operations
Severity: High
Fixlet ID: 1522101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15221.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5128
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, does not properly perform write operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 23.0.1271.64 via vectors related to the handling of extension tabs
Severity: High
Fixlet ID: 1534101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15341.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5125
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs.

***************************************************************
Title: .NET Framework Insecure Library Loading Vulnerability - MS12-074
Severity: High
Fixlet ID: 1552001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15520.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2519
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."

***************************************************************
Title: Windows Briefcase Integer Overflow Vulnerability - MS12-072
Severity: High
Fixlet ID: 1552801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15528.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1528
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."

***************************************************************
Title: Vulnerability in libpng_plugin in VideoLAN VLC media player 2.0.3
Severity: Medium
Fixlet ID: 1554001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15540.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5470
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file.

***************************************************************
Title: Skia, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors
Severity: Medium
Fixlet ID: 1563101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15631.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5123
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Skia, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

***************************************************************
Title: Google Chrome before 23.0.1271.64 does not properly handle textures
Severity: High
Fixlet ID: 1566001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15660.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5124
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 23.0.1271.64 does not properly handle textures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

***************************************************************
Title: CFormElement use after free vulnerability - MS12-071
Severity: High
Fixlet ID: 1567701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15677.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1538
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CFormElement Use After Free Vulnerability."

***************************************************************
Title: Google Chrome before 23.0.1271.64 does not properly perform a cast of an unspecified variable during handling of input
Severity: High
Fixlet ID: 1569501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15695.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5122
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 23.0.1271.64 does not properly perform a cast of an unspecified variable during handling of input, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

***************************************************************
Title: Excel SST Invalid Length Use After Free Vulnerability - MS12-076
Severity: High
Fixlet ID: 1571701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15717.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1887
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."

***************************************************************
Title: Excel Stack Overflow Vulnerability - MS12-076
Severity: High
Fixlet ID: 1573701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15737.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2543
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Stack Overflow Vulnerability."

***************************************************************
Title: Excel SerAuxErrBar Heap Overflow Vulnerability - MS12-076
Severity: High
Fixlet ID: 1575201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15752.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1885
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SerAuxErrBar Heap Overflow Vulnerability."

***************************************************************
Title: Code access security info disclosure vulnerability - MS12-074
Severity: Medium
Fixlet ID: 1578501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15785.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1896
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."

***************************************************************
Title: FTP Command Injection Vulnerability - MS12-073
Severity: Medium
Fixlet ID: 1578601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15786.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2532
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability."

***************************************************************
Title: Web proxy auto-discovery vulnerability - MS12-074
Severity: High
Fixlet ID: 1581001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15810.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4776
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."

***************************************************************
Title: Win32k Use After Free Vulnerability - MS12-075
Severity: High
Fixlet ID: 1581701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15817.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2553
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."

***************************************************************
Title: TrueType Font Parsing Vulnerability - MS12-075
Severity: High
Fixlet ID: 1584701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15847.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2897
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."

***************************************************************
Title: CTreePos use after free vulnerability - MS12-071
Severity: High
Fixlet ID: 1588601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15886.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1539
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreePos Use After Free Vulnerability."

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 23.0.1271.64 via vectors related to the handling of plug-in placeholders
Severity: High
Fixlet ID: 1589101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15891.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5126
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of plug-in placeholders.

***************************************************************
Title: Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12
Severity: High
Fixlet ID: 1589301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15893.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0023
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file.

***************************************************************
Title: Google Chrome before 23.0.1271.64 does not properly restrict the loading of an SVG subresource in the context of an IMG element
Severity: High
Fixlet ID: 1591201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15912.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5117
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 23.0.1271.64 does not properly restrict the loading of an SVG subresource in the context of an IMG element, which has unspecified impact and remote attack vectors.

***************************************************************
Title: Reflection Bypass Vulnerability - MS12-074
Severity: High
Fixlet ID: 1592401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15924.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1895
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."

***************************************************************
Title: Excel Memory Corruption Vulnerability - MS12-076
Severity: High
Fixlet ID: 1592701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15927.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1886
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."

***************************************************************
Title: CTreeNode use after free vulnerability - MS12-071
Severity: High
Fixlet ID: 1593201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15932.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4775
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreeNode Use After Free Vulnerability."

***************************************************************
Title: Win32k Use After Free Vulnerability - MS12-075
Severity: High
Fixlet ID: 1593601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15936.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2530
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."

***************************************************************
Title: Integer overflow in Google Chrome before 23.0.1271.64 via a crafted WebP image
Severity: High
Fixlet ID: 1594301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15943.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5127
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer overflow in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 23.0.1271.64 via vectors related to video layout
Severity: High
Fixlet ID: 1595701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15957.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5121
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video layout.

***************************************************************
Title: Password Disclosure Vulnerability - MS12-073
Severity: Low
Fixlet ID: 1595901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15959.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2531
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability."

***************************************************************
Title: WPF reflection optimization vulnerability - MS12-074
Severity: High
Fixlet ID: 1596001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15960.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4777
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "WPF Reflection Optimization Vulnerability."

***************************************************************
Title: Windows Briefcase Integer Underflow Vulnerability - MS12-072
Severity: High
Fixlet ID: 1597501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15975.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1527
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."

***************************************************************
Title: Race condition in Pepper, as used in Google Chrome before 23.0.1271.64, via vectors related to buffers
Severity: Medium
Fixlet ID: 1597701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15977.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5119
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Race condition in Pepper, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to buffers.


