[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Fri Sep 7 05:24:38 PDT 2012
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 317 Published: Thu, 06 Sep 2012 23:21:25 GMT
New Fixlets:
============
***************************************************************
Title: Oracle Outside In contains multiple exploitable vulnerabilities - XII
Severity: Low
Fixlet ID: 1483401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14834.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3109
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
***************************************************************
Title: Oracle Outside In contains multiple exploitable vulnerabilities - V
Severity: Low
Fixlet ID: 1488201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14882.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1770
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
***************************************************************
Title: epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries
Severity: Low
Fixlet ID: 1496301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval14963.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4289
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries.
***************************************************************
Title: Remote Administration Protocol Heap Overflow Vulnerability - MS12-054
Severity: High
Fixlet ID: 1507901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15079.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1852
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Administration Protocol Heap Overflow Vulnerability."
***************************************************************
Title: The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library
Severity: Low
Fixlet ID: 1515801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15158.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4292
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
***************************************************************
Title: Layout memory corruption vulnerability - MS12-052
Severity: High
Fixlet ID: 1524001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15240.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1526
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."
***************************************************************
Title: Oracle Outside In contains multiple exploitable vulnerabilities - III
Severity: Low
Fixlet ID: 1527501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15275.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1768
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
***************************************************************
Title: Oracle Outside In contains multiple exploitable vulnerabilities - VII
Severity: Low
Fixlet ID: 1532301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15323.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1772
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
***************************************************************
Title: Remote Administration Protocol Stack Overflow Vulnerability - MS12-054
Severity: High
Fixlet ID: 1540801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15408.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1853
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Stack-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Administration Protocol Stack Overflow Vulnerability."
***************************************************************
Title: MSCOMCTL.OCX RCE Vulnerability - MS12-060
Severity: High
Fixlet ID: 1544701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15447.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1856
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
***************************************************************
Title: Virtual function table corruption remote code execution vulnerability - MS12-052
Severity: High
Fixlet ID: 1549801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15498.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2522
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a malformed virtual function table after this table's deletion, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability."
***************************************************************
Title: plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields
Severity: Low
Fixlet ID: 1552701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15527.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4293
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet.
***************************************************************
Title: Print Spooler Service Format String Vulnerability - MS12-054
Severity: High
Fixlet ID: 1553101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15531.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1851
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."
***************************************************************
Title: Oracle Outside In contains multiple exploitable vulnerabilities - VIII
Severity: Low
Fixlet ID: 1556801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15568.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1773
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
***************************************************************
Title: Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2
Severity: Low
Fixlet ID: 1558301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15583.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4296
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet.
***************************************************************
Title: Oracle Outside In contains multiple exploitable vulnerabilities - IX
Severity: Low
Fixlet ID: 1560801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15608.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3106
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
***************************************************************
Title: The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet
Severity: Low
Fixlet ID: 1561901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15619.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4290
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet.
***************************************************************
Title: Oracle Outside In contains multiple exploitable vulnerabilities - X
Severity: Low
Fixlet ID: 1564801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15648.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3107
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
***************************************************************
Title: Remote Desktop Protocol Vulnerability - MS12-053
Severity: High
Fixlet ID: 1565001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15650.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2526
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP3 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to a deleted object, aka "Remote Desktop Protocol Vulnerability."
***************************************************************
Title: Oracle Outside In contains multiple exploitable vulnerabilities - VI
Severity: Low
Fixlet ID: 1566801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15668.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1771
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
***************************************************************
Title: Remote Administration Protocol Denial of Service Vulnerability - MS12-054
Severity: Medium
Fixlet ID: 1566901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15669.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1850
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."
***************************************************************
Title: Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2
Severity: Medium
Fixlet ID: 1567301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15673.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4294
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value.
***************************************************************
Title: The pcapng_read_packet_block function in wiretap/pcapng.c in the pcap-ng file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted pcap-ng file
Severity: Medium
Fixlet ID: 1569301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15693.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4286
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The pcapng_read_packet_block function in wiretap/pcapng.c in the pcap-ng file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted pcap-ng file.
***************************************************************
Title: CGM File Format Memory Corruption Vulnerability - MS12-057
Severity: High
Fixlet ID: 1570201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15702.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2524
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability."
***************************************************************
Title: Win32k Use After Free Vulnerability - MS12-055
Severity: High
Fixlet ID: 1570601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15706.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2527
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
***************************************************************
Title: The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and applicatio
Severity: Low
Fixlet ID: 1571201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15712.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4285
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message.
***************************************************************
Title: Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2
Severity: Low
Fixlet ID: 1571801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15718.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4295
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value.
***************************************************************
Title: Oracle Outside In contains multiple exploitable vulnerabilities - IV
Severity: Low
Fixlet ID: 1572101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15721.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1769
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
***************************************************************
Title: Oracle Outside In contains multiple exploitable vulnerabilities - I
Severity: Low
Fixlet ID: 1572401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15724.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1766
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
***************************************************************
Title: Buffer overflow in the dissect_gsm_rlcmac_downlink function in epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC MAC dissector in Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2
Severity: High
Fixlet ID: 1574101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15741.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4297
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Buffer overflow in the dissect_gsm_rlcmac_downlink function in epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC MAC dissector in Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a malformed packet.
***************************************************************
Title: Asynchronous null object access remote code execution vulnerability - MS12-052
Severity: High
Fixlet ID: 1574201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15742.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2521
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Asynchronous NULL Object Access Remote Code Execution Vulnerability."
***************************************************************
Title: Oracle Outside In contains multiple exploitable vulnerabilities - XIII
Severity: Low
Fixlet ID: 1574701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15747.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3110
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
***************************************************************
Title: Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.2
Severity: Medium
Fixlet ID: 1577701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15777.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4298
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to execute arbitrary code via a crafted packet-trace file that triggers a buffer overflow.
***************************************************************
Title: Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application
Severity: Low
Fixlet ID: 1578901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15789.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4288
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length.
***************************************************************
Title: JavaScript Integer Overflow Remote Code Execution Vulnerability - MS12-052 and MS12-056
Severity: High
Fixlet ID: 1579001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15790.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2523
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka "JavaScript Integer Overflow Remote Code Execution Vulnerability."
***************************************************************
Title: Oracle Outside In contains multiple exploitable vulnerabilities - XI
Severity: Low
Fixlet ID: 1580401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15804.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3108
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
***************************************************************
Title: Visio DXF File Format Buffer Overflow Vulnerability - MS12-059
Severity: High
Fixlet ID: 1581101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15811.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1888
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."
***************************************************************
Title: Oracle Outside In contains multiple exploitable vulnerabilities - II
Severity: Low
Fixlet ID: 1581201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15812.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1767
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
***************************************************************
Title: The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet
Severity: Low
Fixlet ID: 1581301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15813.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4291
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
***************************************************************
Title: epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON document length
Severity: Medium
Fixlet ID: 1581801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15818.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4287
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON document length.
More information about the WinVulns-Announcements
mailing list