[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Sat Mar 17 05:20:20 PDT 2012


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 289    Published: Fri, 16 Mar 2012 22:48:55 GMT

New Fixlets:
============

***************************************************************
Title: Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks
Severity: High
Fixlet ID: 1439701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14397.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3037
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 17.0.963.65 via vectors related to the handling of SVG values
Severity: High
Fixlet ID: 1443801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14438.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3032
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG values.

***************************************************************
Title: Vulnerability in the extension subsystem in Google Chrome before 17.0.963.78
Severity: High
Fixlet ID: 1468601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14686.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3046
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 17.0.963.65 via vectors involving SVG animation elements.
Severity: High
Fixlet ID: 1483001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14830.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3044
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 17.0.963.65 via vectors involving an SVG document
Severity: High
Fixlet ID: 1483901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14839.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3034
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG document.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 17.0.963.65 via vectors related to quote handling.
Severity: High
Fixlet ID: 1490401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14904.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3039
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 17.0.963.65 via vectors related to the handling of class attributes.
Severity: High
Fixlet ID: 1492301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14923.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3041
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of class attributes.

***************************************************************
Title: Use-after-free vulnerability in the element wrapper in Google V8, as used in Google Chrome before 17.0.963.65
Severity: High
Fixlet ID: 1496701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14967.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3031
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the element wrapper in Google V8, as used in Google Chrome before 17.0.963.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 17.0.963.65 via vectors related to the handling of table sections.
Severity: High
Fixlet ID: 1498901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14989.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3042
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of table sections.

***************************************************************
Title: Google Chrome before 17.0.963.65 does not properly handle text
Severity: Medium
Fixlet ID: 1499601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14996.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3040
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 17.0.963.65 does not properly handle text, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.

***************************************************************
Title: Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes
Severity: High
Fixlet ID: 1507201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15072.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3036
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 17.0.963.65 via vectors involving a flexbox (aka flexible box) in conjunction with the floating of elements.
Severity: High
Fixlet ID: 1507701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15077.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3043
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a flexbox (aka flexible box) in conjunction with the floating of elements.

***************************************************************
Title: Buffer overflow in Skia, as used in Google Chrome before 17.0.963.65
Severity: High
Fixlet ID: 1509401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15094.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3033
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in Skia, as used in Google Chrome before 17.0.963.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 17.0.963.65 via vectors involving SVG use elements
Severity: High
Fixlet ID: 1509701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15097.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3035
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 17.0.963.65 via vectors related to multi-column handling.
Severity: High
Fixlet ID: 1510601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15106.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3038
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to multi-column handling.


