[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Wed Jul 25 05:26:56 PDT 2012
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 311 Published: Tue, 24 Jul 2012 18:15:28 GMT
New Fixlets:
============
***************************************************************
Title: Visual Basic for Applications Insecure Library Loading Vulnerability - MS12-046
Severity: Medium
Fixlet ID: 1495001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14950.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1854
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012.
***************************************************************
Title: MSXML Uninitialized Memory Corruption Vulnerability - MS12-043
Severity: High
Fixlet ID: 1519501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15195.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1889
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
***************************************************************
Title: SharePoint Search Scope Vulnerability - MS12-050
Severity: Medium
Fixlet ID: 1526501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15265.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1860
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
***************************************************************
Title: Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer in VideoLAN VLC media player before 2.0.2
Severity: Medium
Fixlet ID: 1529901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15299.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3377
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted OGG file.
***************************************************************
Title: SharePoint Script in Username Vulnerability - MS12-050
Severity: Medium
Fixlet ID: 1554401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15544.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1861
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
***************************************************************
Title: XSS scriptresx.ashx Vulnerability - MS12-050
Severity: Medium
Fixlet ID: 1558901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15589.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1859
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
***************************************************************
Title: SharePoint URL Redirection Vulnerability - MS12-050
Severity: Medium
Fixlet ID: 1565701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15657.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1862
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
***************************************************************
Title: SharePoint Reflected List Parameter Vulnerability - MS12-050
Severity: Medium
Fixlet ID: 1568901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15689.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1863
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
More information about the WinVulns-Announcements
mailing list