[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Wed May 23 05:20:08 PDT 2012


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 302	Published: Tue, 22 May 2012 18:06:30 GMT

New Fixlets:
============

***************************************************************
Title: .NET Framework Buffer Allocation Vulnerability
Severity: High
Fixlet ID: 1465501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14655.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0162
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Buffer Allocation Vulnerability."

***************************************************************
Title: Excel MergeCells Record Heap Overflow Vulnerability
Severity: High
Fixlet ID: 1473801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14738.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0185
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."

***************************************************************
Title: Excel SXLI Record Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1478901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14789.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0184
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SXLI Record Memory Corruption Vulnerability."

***************************************************************
Title: TCP/IP Double Free Vulnerability
Severity: Medium
Fixlet ID: 1490801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14908.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0179
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."

***************************************************************
Title: .NET Framework Serialization Vulnerability (CVE-2012-0161)
Severity: High
Fixlet ID: 1495101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14951.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0161
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."

***************************************************************
Title: Excel Memory Corruption Using Various Modified Bytes Vulnerability
Severity: High
Fixlet ID: 1506401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15064.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0143
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability."

***************************************************************
Title: Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element
Severity: Medium
Fixlet ID: 1510301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15103.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3083
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: browser/profiles/profile_impl_io_data.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted web page.

***************************************************************
Title: Excel File Format Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1515201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15152.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0141
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption Vulnerability."

***************************************************************
Title: Vulnerability in the OGG container in Google Chrome before 19.0.1084.46 via vectors that trigger an out-of-bounds write.
Severity: High
Fixlet ID: 1515901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15159.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3095
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The OGG container in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.

***************************************************************
Title: Windows Firewall Bypass Vulnerability
Severity: Low
Fixlet ID: 1516001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15160.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0174
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."

***************************************************************
Title: Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 19.0.1084.46
Severity: High
Fixlet ID: 1519601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15196.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3091
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 19.0.1084.46 via vectors involving a STYLE element.
Severity: High
Fixlet ID: 1520601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15206.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3086
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a STYLE element.

***************************************************************
Title: Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.46 via vectors involving a malformed name for the font encoding.
Severity: High
Fixlet ID: 1520801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15208.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3099
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a malformed name for the font encoding.

***************************************************************
Title: Google Chrome before 19.0.1084.46 does not use a dedicated process for the loading of links found on an internal page
Severity: High
Fixlet ID: 1522301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15223.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3084
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 19.0.1084.46 does not use a dedicated process for the loading of links found on an internal page, which might allow attackers to bypass intended sandbox restrictions via a crafted page.

***************************************************************
Title: Google Chrome before 19.0.1084.46 does not properly draw dash paths
Severity: Medium
Fixlet ID: 1522401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15224.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3100
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 19.0.1084.46 does not properly draw dash paths, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

***************************************************************
Title: Plug and Play (PnP) Configuration Manager Vulnerability
Severity: Medium
Fixlet ID: 1522901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15229.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0178
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability."

***************************************************************
Title: Google Chrome before 19.0.1084.46 does not properly handle Tibetan text
Severity: Medium
Fixlet ID: 1523301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15233.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3094
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 19.0.1084.46 does not properly handle Tibetan text, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

***************************************************************
Title: The Autofill feature in Google Chrome before 19.0.1084.46 does not properly restrict field values
Severity: Medium
Fixlet ID: 1525601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15256.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3085
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Autofill feature in Google Chrome before 19.0.1084.46 does not properly restrict field values, which allows remote attackers to cause a denial of service (UI corruption) and possibly conduct spoofing attacks via vectors involving long values.

***************************************************************
Title: RTF Mismatch Vulnerability
Severity: High
Fixlet ID: 1532701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15327.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0183
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."

***************************************************************
Title: Keyboard Layout File Vulnerability
Severity: High
Fixlet ID: 1535501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15355.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0181
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."

***************************************************************
Title: Google Chrome before 19.0.1084.46 does not properly handle glyphs
Severity: Medium
Fixlet ID: 1535801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15358.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3093
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 19.0.1084.46 does not properly handle glyphs, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

***************************************************************
Title: TrueType Font Parsing Vulnerability (CVE-2012-0159)
Severity: High
Fixlet ID: 1538801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15388.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0159
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."

***************************************************************
Title: Vulnerability in the PDF functionality in Google Chrome before 19.0.1084.46 via an out-of-bounds write error in the implementation of sampled functions.
Severity: High
Fixlet ID: 1542201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15422.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3097
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an out-of-bounds write error in the implementation of sampled functions.

***************************************************************
Title: Windows and Messages Vulnerability
Severity: High
Fixlet ID: 1546601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15466.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0180
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 19.0.1084.46 via vectors involving tables.
Severity: High
Fixlet ID: 1547401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15474.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3089
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables.

***************************************************************
Title: Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability
Severity: High
Fixlet ID: 1554301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15543.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0142
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability."

***************************************************************
Title: .NET Framework Serialization Vulnerability (CVE-2012-0160)
Severity: High
Fixlet ID: 1555401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15554.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0160
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."

***************************************************************
Title: Scrollbar Calculation Vulnerability
Severity: High
Fixlet ID: 1555501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15555.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1848
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."

***************************************************************
Title: Google Chrome before 19.0.1084.46 does not properly perform window navigation
Severity: High
Fixlet ID: 1556701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15567.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3087
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 19.0.1084.46 does not properly perform window navigation, which has unspecified impact and remote attack vectors.

***************************************************************
Title: Silverlight Double-Free Vulnerability
Severity: High
Fixlet ID: 1557401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15574.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0176
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbitrary code via vectors involving crafted XAML glyphs, aka "Silverlight Double-Free Vulnerability."

***************************************************************
Title: Excel Series Record Parsing Type Mismatch Could Result in Remote Code Execution Vulnerability
Severity: High
Fixlet ID: 1557501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15575.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1847
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Series Record Parsing Type Mismatch Could Result in Remote Code Execution Vulnerability."

***************************************************************
Title: .NET Framework Index Comparison Vulnerability
Severity: Medium
Fixlet ID: 1558001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15580.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0164
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application hang) via crafted requests to a Windows Presentation Foundation (WPF) application, aka ".NET Framework Index Comparison Vulnerability."

***************************************************************
Title: Google Chrome before 19.0.1084.46 does not properly draw hairlines
Severity: Medium
Fixlet ID: 1558101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15581.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3088
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 19.0.1084.46 does not properly draw hairlines, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

***************************************************************
Title: Race condition in Google Chrome before 19.0.1084.46
Severity: High
Fixlet ID: 1560501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15605.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3090
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Race condition in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker processes.

***************************************************************
Title: VSD File Format Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1560601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15606.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0018
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."

***************************************************************
Title: Vulnerability in regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46
Severity: High
Fixlet ID: 1561001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15610.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3092
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors.

***************************************************************
Title: Google Chrome before 19.0.1084.46 on Windows uses an incorrect search path for the Windows Media Player plug-in
Severity: High
Fixlet ID: 1561801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15618.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3098
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 19.0.1084.46 on Windows uses an incorrect search path for the Windows Media Player plug-in, which might allow local users to gain privileges via a Trojan horse plug-in in an unspecified directory.

***************************************************************
Title: GDI+ Record Type Vulnerability
Severity: High
Fixlet ID: 1562101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15621.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0165
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."

***************************************************************
Title: GDI+ Heap Overflow Vulnerability
Severity: High
Fixlet ID: 1562801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15628.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0167
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."

***************************************************************
Title: TrueType Font Parsing Vulnerability (CVE-2011-3402)
Severity: High
Fixlet ID: 1564501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15645.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3402
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."


