[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Fri Oct 19 05:20:43 PDT 2012
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 320 Published: Thu, 18 Oct 2012 17:45:47 GMT
New Fixlets:
============
***************************************************************
Title: Vulnerability in the compositor in Google Chrome before 22.0.1229.92
Severity: Medium
Fixlet ID: 1490101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14901.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5110
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The compositor in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
***************************************************************
Title: Vulnerability in the dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3
Severity: Low
Fixlet ID: 1499201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14992.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5237
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
***************************************************************
Title: Vulnerability in the Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94
Severity: High
Fixlet ID: 1515601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15156.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5376
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112.
***************************************************************
Title: Google Chrome before 22.0.1229.92 does not monitor for crashes of Pepper plug-ins
Severity: High
Fixlet ID: 1551701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15517.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5111
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Google Chrome before 22.0.1229.92 does not monitor for crashes of Pepper plug-ins, which has unspecified impact and remote attack vectors.
***************************************************************
Title: Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94
Severity: High
Fixlet ID: 1552301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15523.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5112
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.
***************************************************************
Title: epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data
Severity: Low
Fixlet ID: 1559301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15593.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5238
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet.
***************************************************************
Title: Race condition in Google Chrome before 22.0.1229.92
Severity: High
Fixlet ID: 1565101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15651.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5108
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Race condition in Google Chrome before 22.0.1229.92 allows remote attackers to execute arbitrary code via vectors related to audio devices.
***************************************************************
Title: Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3
Severity: Medium
Fixlet ID: 1569101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15691.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5240
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed packet.
***************************************************************
Title: Skia, as used in Google Chrome before 22.0.1229.92, does not properly render text
Severity: High
Fixlet ID: 1572501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15725.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2900
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Skia, as used in Google Chrome before 22.0.1229.92, does not properly render text, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
***************************************************************
Title: Vulnerability in ICU functionality in Google Chrome before 22.0.1229.92 via vectors related to a regular expression
Severity: Medium
Fixlet ID: 1577401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15774.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5109
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The International Components for Unicode (ICU) functionality in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a regular expression.
More information about the WinVulns-Announcements
mailing list