[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Fri Oct 26 05:22:48 PDT 2012
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 321 Published: Thu, 25 Oct 2012 17:51:54 GMT
New Fixlets:
============
***************************************************************
Title: Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege - MS12-066
Severity: Medium
Fixlet ID: 1497601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14976.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2520
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
***************************************************************
Title: Reflected XSS Vulnerability - MS12-070
Severity: Medium
Fixlet ID: 1539501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15395.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2552
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."
***************************************************************
Title: Word PAPX Section Corruption Vulnerability - MS12-064
Severity: High
Fixlet ID: 1542601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15426.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0182
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
***************************************************************
Title: Kerberos NULL dereference vulnerability - MS12-069
Severity: Medium
Fixlet ID: 1567401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15674.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2551
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability."
***************************************************************
Title: RTF File listid Use-After-Free Vulnerability - MS12-064
Severity: High
Fixlet ID: 1568001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15680.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2528
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka "RTF File listid Use-After-Free Vulnerability."
***************************************************************
Title: Windows Kernel Integer Overflow Vulnerability - MS12-068
Severity: Medium
Fixlet ID: 1586701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15867.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2529
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability."
More information about the WinVulns-Announcements
mailing list