[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Tue Jun 26 05:20:12 PDT 2012


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 306	Published: Mon, 25 Jun 2012 20:06:33  GMT

New Fixlets:
============

***************************************************************
Title: .NET Framework Memory Access Vulnerability (CVE-2012-1855)
Severity: High
Fixlet ID: 1471701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14717.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1855
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."

***************************************************************
Title: Lync Insecure Library Loading Vulnerability (CVE-2012-1849)
Severity: High
Fixlet ID: 1487401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14874.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1849
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."

***************************************************************
Title: insertRow Remote Code Execution Vulnerability (CVE-2012-1880)
Severity: High
Fixlet ID: 1497501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14975.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1880
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability."

***************************************************************
Title: Null Byte Information Disclosure Vulnerability (CVE-2012-1873)
Severity: Medium
Fixlet ID: 1502601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15026.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1873
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerability."

***************************************************************
Title: Clipboard Format Atom Name Handling Vulnerability (CVE-2012-1866)
Severity: High
Fixlet ID: 1509601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15096.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1866
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability."

***************************************************************
Title: Remote Desktop Protocol Vulnerability (CVE-2012-0173)
Severity: High
Fixlet ID: 1511601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15116.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0173
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.

***************************************************************
Title: BIOS ROM Corruption Vulnerability (CVE-2012-1515)
Severity: High
Fixlet ID: 1520901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15209.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1515
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtual DOS Machine.

***************************************************************
Title: TrueType Font Parsing Vulnerability (CVE-2011-3402)
Severity: High
Fixlet ID: 1529001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15290.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3402
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."

***************************************************************
Title: Scrolling Events Information Disclosure Vulnerability (CVE-2012-1882)
Severity: Medium
Fixlet ID: 1536701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15367.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1882
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Scrolling Events Information Disclosure Vulnerability."

***************************************************************
Title: OnRowsInserted Event Remote Code Execution Vulnerability (CVE-2012-1881)
Severity: High
Fixlet ID: 1537801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15378.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1881
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnRowsInserted Event Remote Code Execution Vulnerability."

***************************************************************
Title: Developer Toolbar Remote Code Execution Vulnerability (CVE-2012-1874)
Severity: High
Fixlet ID: 1542501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15425.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1874
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability."

***************************************************************
Title: Title Element Change Remote Code Execution Vulnerability (CVE-2012-1877)
Severity: High
Fixlet ID: 1547201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15472.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1877
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Title Element Change Remote Code Execution Vulnerability."

***************************************************************
Title: String Atom Class Name Handling Vulnerability (CVE-2012-1864)
Severity: High
Fixlet ID: 1549601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15496.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1864
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.

***************************************************************
Title: Font Resource Refcount Integer Overflow Vulnerability (CVE-2012-1867)
Severity: High
Fixlet ID: 1551001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15510.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1867
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."

***************************************************************
Title: HTML Sanitization Vulnerability (CVE-2012-1858)
Severity: Medium
Fixlet ID: 1553001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15530.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1858
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."

***************************************************************
Title: Col Element Remote Code Execution Vulnerability (CVE-2012-1876)
Severity: High
Fixlet ID: 1553901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15539.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1876
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.

***************************************************************
Title: Center Element Remote Code Execution Vulnerability (CVE-2012-1523)
Severity: High
Fixlet ID: 1557901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15579.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1523
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability."

***************************************************************
Title: insertAdjacentText Remote Code Execution Vulnerability (CVE-2012-1879)
Severity: High
Fixlet ID: 1558801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15588.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1879
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerability."

***************************************************************
Title: User Mode Scheduler Memory Corruption Vulnerability (CVE-2012-0217)
Severity: High
Fixlet ID: 1559601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15596.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0217
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The User Mode Scheduler in the kernel in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 on the x64 platform does not properly handle system requests, which allows local users to gain privileges via a crafted application, aka "User Mode Scheduler Memory Corruption Vulnerability."

***************************************************************
Title: EUC-JP Character Encoding Vulnerability (CVE-2012-1872)
Severity: Medium
Fixlet ID: 1562901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15629.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1872
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability."

***************************************************************
Title: OnBeforeDeactivate Event Remote Code Execution Vulnerability (CVE-2012-1878)
Severity: High
Fixlet ID: 1563201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15632.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1878
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event Remote Code Execution Vulnerability."

***************************************************************
Title: Win32k.sys Race Condition Vulnerability (CVE-2012-1868)
Severity: Medium
Fixlet ID: 1564701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15647.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1868
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka "Win32k.sys Race Condition Vulnerability."

***************************************************************
Title: String Atom Class Name Handling Vulnerability (CVE-2012-1865)
Severity: High
Fixlet ID: 1564901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15649.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1865
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.

***************************************************************
Title: Same ID Property Remote Code Execution Vulnerability (CVE-2012-1875)
Severity: High
Fixlet ID: 1566301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15663.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1875
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."

***************************************************************
Title: TrueType Font Parsing Vulnerability (CVE-2012-0159)
Severity: High
Fixlet ID: 1566701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15667.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0159
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."


