[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Wed May 16 05:20:15 PDT 2012
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 301 Published: Tue, 15 May 2012 19:47:20 GMT
New Fixlets:
============
***************************************************************
Title: The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168 does not properly validate messages
Severity: High
Fixlet ID: 1496401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14964.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3079
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168 does not properly validate messages, which has unspecified impact and attack vectors.
***************************************************************
Title: Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168
Severity: High
Fixlet ID: 1539701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15397.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1521
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 18.0.1025.168 via vectors related to the floating of elements (a different vulnerability than CVE-2011-3078)
Severity: High
Fixlet ID: 1559201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15592.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3081
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3078.
***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 18.0.1025.168 via vectors related to the floating of elements (a different vulnerability than CVE-2011-3081)
Severity: High
Fixlet ID: 1561601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15616.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3078
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3081.
***************************************************************
Title: Race condition in the Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168
Severity: High
Fixlet ID: 1562301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15623.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3080
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Race condition in the Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168 allows attackers to bypass intended sandbox restrictions via unspecified vectors.
More information about the WinVulns-Announcements
mailing list