[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Fri Mar 9 05:20:28 PST 2012
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 288 Published: Thu, 08 Mar 2012 21:53:25 GMT
New Fixlets:
============
***************************************************************
Title: GDI Access Violation Vulnerability
Severity: High
Fixlet ID: 1460301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14603.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5046
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
More information about the WinVulns-Announcements
mailing list