[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Tue Apr 9 05:20:10 PDT 2013


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 336	Published: Mon, 08 Apr 2013 19:23:49 GMT

New Fixlets:
============

***************************************************************
Title: Internet Explorer CCaret Use After Free Vulnerability - MS13-021
Severity: High
Fixlet ID: 1604901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16049.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0090
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability."

***************************************************************
Title: Internet Explorer CTreeNode Use After Free Vulnerability - MS13-021
Severity: High
Fixlet ID: 1609501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16095.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1288
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CTreeNode Use After Free Vulnerability."

***************************************************************
Title: Internet Explorer onBeforeCopy Use After Free Vulnerability - MS13-021
Severity: High
Fixlet ID: 1623901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16239.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0093
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer onBeforeCopy Use After Free Vulnerability."

***************************************************************
Title: Visio Viewer Tree Object Type Confusion Vulnerability - MS13-023
Severity: High
Fixlet ID: 1630001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16300.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0079
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."

***************************************************************
Title: Internet Explorer GetMarkupPtr Use After Free Vulnerability - MS13-021
Severity: High
Fixlet ID: 1632401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16324.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0092
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer GetMarkupPtr Use After Free Vulnerability."

***************************************************************
Title: Internet Explorer saveHistory Use After Free Vulnerability - MS13-021
Severity: High
Fixlet ID: 1638601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16386.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0088
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer saveHistory Use After Free Vulnerability."

***************************************************************
Title: Buffer Overflow Vulnerability - MS13-024
Severity: High
Fixlet ID: 1641401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16414.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0085
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."

***************************************************************
Title: Microsoft kernel-mode drivers privilege elevation vulnerability (CVE-2013-1285) - MS13-027
Severity: High
Fixlet ID: 1644101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16441.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1285
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.

***************************************************************
Title: SharePoint Directory Traversal Vulnerability - MS13-024
Severity: High
Fixlet ID: 1644501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16445.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0084
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."

***************************************************************
Title: Microsoft kernel-mode drivers privilege elevation vulnerability (CVE-2013-1287) - MS13-027
Severity: High
Fixlet ID: 1649801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16498.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1287
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.

***************************************************************
Title: Double dereference vulnerability in Microsoft Silverlight - MS13-022
Severity: High
Fixlet ID: 1651601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16516.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0074
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."

***************************************************************
Title: Internet Explorer CElement Use After Free Vulnerability - MS13-021
Severity: High
Fixlet ID: 1652601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16526.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0091
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CElement Use After Free Vulnerability."

***************************************************************
Title: Vulnerability in Microsoft OneNote could allow information disclosure - MS13-025
Severity: Medium
Fixlet ID: 1653901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16539.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0086
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."

***************************************************************
Title: Internet Explorer OnResize Use After Free Vulnerability - MS13-021
Severity: High
Fixlet ID: 1658301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16583.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0087
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer OnResize Use After Free Vulnerability."

***************************************************************
Title: Internet Explorer CMarkupBehaviorContext Use After Free Vulnerability - MS13-021
Severity: High
Fixlet ID: 1658701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16587.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0089
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkupBehaviorContext Use After Free Vulnerability."

***************************************************************
Title: Microsoft kernel-mode drivers privilege elevation vulnerability (CVE-2013-1286) - MS13-027
Severity: High
Fixlet ID: 1659101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16591.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1286
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.

***************************************************************
Title: Callback Function Vulnerability - MS13-024
Severity: High
Fixlet ID: 1659601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16596.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0080
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."

***************************************************************
Title: Internet Explorer removeChild Use After Free Vulnerability - MS13-021
Severity: High
Fixlet ID: 1663401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16634.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0094
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer removeChild Use After Free Vulnerability."


