[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Thu Mar 22 05:21:46 PDT 2012
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 290 Published: Tue, 20 Mar 2012 18:19:17 GMT
New Fixlets:
============
***************************************************************
Title: PostMessage Function Vulnerability
Severity: High
Fixlet ID: 1421701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14217.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0157
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
***************************************************************
Title: Remote Desktop Protocol Vulnerability
Severity: High
Fixlet ID: 1462301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14623.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0002
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
***************************************************************
Title: Terminal Server Denial of Service Vulnerability
Severity: Medium
Fixlet ID: 1462601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14626.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0152
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."
***************************************************************
Title: DirectWrite Application Denial of Service Vulnerability
Severity: Medium
Fixlet ID: 1480701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14807.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0156
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
***************************************************************
Title: Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to obtain
Severity: Medium
Fixlet ID: 1482801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14828.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0769
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to obtain sensitive information via unspecified vectors.
***************************************************************
Title: Vulnerability in the GPU process in Google Chrome before 17.0.963.79
Severity: High
Fixlet ID: 1493501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14935.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3047
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The GPU process in Google Chrome before 17.0.963.79 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an error in the plug-in loading mechanism.
***************************************************************
Title: Expression Design Insecure Library Loading Vulnerability
Severity: High
Fixlet ID: 1497301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14973.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0016
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Untrusted search path vulnerability in Microsoft Expression Design; Expression Design SP1; and Expression Design 2, 3, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .xpr or .DESIGN file, aka "Expression Design Insecure Library Loading Vulnerability."
***************************************************************
Title: The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code
Severity: High
Fixlet ID: 1505801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15058.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0768
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
***************************************************************
Title: Visual Studio Add-In Vulnerability
Severity: Medium
Fixlet ID: 1508101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15081.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0008
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."
***************************************************************
Title: DNS Denial of Service Vulnerability
Severity: Medium
Fixlet ID: 1509801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15098.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0006
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."
More information about the WinVulns-Announcements
mailing list