[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Fri Jan 4 05:22:53 PST 2013


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 325    Published: Thu, 03 Jan 2013 20:15:45 GMT

New Fixlets:
============

***************************************************************
Title: Vulnerability in Apple QuickTime before 7.7.2 via a crafted .pict file
Severity: High
Fixlet ID: 1521901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15219.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0671
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .pict file.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 23.0.1271.97 via vectors related to the URL loader
Severity: High
Fixlet ID: 1530101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15301.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5140
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the URL loader.

***************************************************************
Title: Heap-based buffer overflow in Apple QuickTime before 7.6.2 on Windows via a movie file containing crafted Clipping Region (CRGN) atom types
Severity: High
Fixlet ID: 1534401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15344.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0954
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in Apple QuickTime before 7.6.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie file containing crafted Clipping Region (CRGN) atom types.

***************************************************************
Title: Google Chrome before 23.0.1271.97 does not properly restrict instantiation of the Chromoting client plug-in
Severity: High
Fixlet ID: 1542801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15428.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5141
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 23.0.1271.97 does not properly restrict instantiation of the Chromoting client plug-in, which has unspecified impact and attack vectors.

***************************************************************
Title: Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows via crafted Track Header (aka tkhd) atoms.
Severity: High
Fixlet ID: 1562501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15625.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1508
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Track Header (aka tkhd) atoms.

***************************************************************
Title: Vulnerability in Apple QuickTime before 7.6.9 via a crafted FlashPix file
Severity: High
Fixlet ID: 1564201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15642.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3801
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file.

***************************************************************
Title: Vulnerability in Apple QuickTime before 7.7 on Windows via a crafted image description associated with an mp4v tag in a movie file
Severity: High
Fixlet ID: 1567101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15671.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0258
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image description associated with an mp4v tag in a movie file.

***************************************************************
Title: Heap-based buffer overflow in Apple QuickTime before 7.7 on Windows via a crafted GIF file
Severity: High
Fixlet ID: 1568101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15681.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0246
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.

***************************************************************
Title: Heap-based buffer overflow in Apple QuickTime before 7.6.2 via crafted MS ADPCM encoded audio data in an AVI movie file
Severity: High
Fixlet ID: 1572701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15727.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0185
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted MS ADPCM encoded audio data in an AVI movie file.

***************************************************************
Title: InjectHTMLStream Use After Free Vulnerability - MS12-077
Severity: High
Fixlet ID: 1573101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15731.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4781
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "InjectHTMLStream Use After Free Vulnerability."

***************************************************************
Title: Buffer overflow in Apple QuickTime before 7.7 via a crafted pict file
Severity: High
Fixlet ID: 1575501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15755.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0245
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted pict file.

***************************************************************
Title: Buffer overflow in Apple QuickTime before 7.7.3 via a crafted REGION record in a PICT file
Severity: High
Fixlet ID: 1578201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15782.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1374
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted REGION record in a PICT file.

***************************************************************
Title: Buffer overflow in Apple QuickTime before 7.6.2 via a crafted compressed PSD image
Severity: High
Fixlet ID: 1579301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15793.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0952
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted compressed PSD image.

***************************************************************
Title: Buffer overflow in Apple QuickTime before 7.7.2 via a crafted movie file with RLE encoding
Severity: High
Fixlet ID: 1582101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15821.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0668
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding.

***************************************************************
Title: Integer overflow in Apple QuickTime before 7.7.1 via a crafted movie file with JPEG2000 encoding
Severity: High
Fixlet ID: 1582501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15825.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3250
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.

***************************************************************
Title: Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, related to an "invalid pointer issue"
Severity: High
Fixlet ID: 1584101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15841.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3628
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, related to an "invalid pointer issue."

***************************************************************
Title: TrueType Font Parsing Vulnerability - MS12-078
Severity: High
Fixlet ID: 1584501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15845.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4786
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."

***************************************************************
Title: Integer overflow in Apple QuickTime before 7.5.5 on Windows via a crafted PICT image, which triggers heap corruption
Severity: Medium
Fixlet ID: 1585101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15851.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3614
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption.

***************************************************************
Title: Integer signedness error in Apple QuickTime before 7.7.2 on Windows via a crafted QTVR movie file
Severity: High
Fixlet ID: 1585801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15858.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0667
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer signedness error in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTVR movie file.

***************************************************************
Title: Vulnerability in Apple QuickTime before 7.6.9 via a crafted PICT file.
Severity: High
Fixlet ID: 1585901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15859.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3800
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file.

***************************************************************
Title: Vulnerability in Apple QuickTime before 7.7.1 on Windows via crafted TKHD atoms in a QuickTime movie file
Severity: High
Fixlet ID: 1586101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15861.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3251
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted TKHD atoms in a QuickTime movie file.

***************************************************************
Title: Heap-based buffer overflow in Apple QuickTime before 7.7 via crafted STTS atoms in a QuickTime movie file
Severity: High
Fixlet ID: 1588401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15884.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0252
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STTS atoms in a QuickTime movie file.

***************************************************************
Title: Heap-based buffer overflow in Apple QuickTime before 7.7 via crafted STSS atoms in a QuickTime movie file
Severity: High
Fixlet ID: 1588501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15885.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0250
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSS atoms in a QuickTime movie file.

***************************************************************
Title: Windows Filename Parsing Vulnerability - MS12-081
Severity: High
Fixlet ID: 1590101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15901.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4774
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."

***************************************************************
Title: Oracle Outside In Contains Multiple Exploitable Vulnerabilities-II MS12-080
Severity: Low
Fixlet ID: 1591101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15911.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3217
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK.

***************************************************************
Title: Stack-based buffer overflow in Apple QuickTime before 7.5.5 via a QuickTime Virtual Reality (QTVR) movie file with crafted (1) maxTilt, (2) minFieldOfView, and (3) maxFieldOfView elements in panorama track PDAT atoms
Severity: High
Fixlet ID: 1593501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15935.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3625
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted (1) maxTilt, (2) minFieldOfView, and (3) maxFieldOfView elements in panorama track PDAT atoms.

***************************************************************
Title: Heap-based buffer overflow in Apple QuickTime before 7.7.2 via a crafted movie file with H.264 encoding
Severity: High
Fixlet ID: 1593801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15938.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0665
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.

***************************************************************
Title: Heap-based buffer overflow in Apple QuickTime before 7.6.2 via a crafted PICT image
Severity: High
Fixlet ID: 1593901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15939.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0953
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.

***************************************************************
Title: Buffer overflow in the plugin in Apple QuickTime before 7.7.3 via a crafted MIME type
Severity: High
Fixlet ID: 1594701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15947.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3753
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type.

***************************************************************
Title: Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted transform attribute in a text3GTrack element in a QuickTime TeXML file
Severity: High
Fixlet ID: 1595101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15951.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3758
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted transform attribute in a text3GTrack element in a QuickTime TeXML file.

***************************************************************
Title: Use-after-free vulnerability in the Clear method in the ActiveX control in Apple QuickTime before 7.7.3
Severity: High
Fixlet ID: 1598601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15986.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3754
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the Clear method in the ActiveX control in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

***************************************************************
Title: Buffer overflow in Apple QuickTime before 7.7.3 via a crafted Targa image
Severity: High
Fixlet ID: 1600201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16002.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3755
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Targa image.

***************************************************************
Title: Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 on Windows via a crafted TeXML file
Severity: High
Fixlet ID: 1600601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16006.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0663
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TeXML file.

***************************************************************
Title: Google Chrome before 23.0.1271.97 does not properly perform AAC decoding
Severity: High
Fixlet ID: 1600701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16007.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5144
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 23.0.1271.97 does not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via unknown vectors.

***************************************************************
Title: Integer signedness error in Apple QuickTime before 7.7.1
Severity: High
Fixlet ID: 1601201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16012.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3248
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file.

***************************************************************
Title: Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read
Severity: Medium
Fixlet ID: 1601901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16019.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3629
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read.

***************************************************************
Title: Apple QuickTime before 7.6.9 on Windows sets weak permissions for the Apple Computer directory in the profile of a user account
Severity: Low
Fixlet ID: 1603601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16036.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0530
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Apple QuickTime before 7.6.9 on Windows sets weak permissions for the Apple Computer directory in the profile of a user account, which allows local users to obtain sensitive information by reading files in this directory.

***************************************************************
Title: Integer signedness error in Apple QuickTime before 7.7 via a crafted PnSize opcode in a PICT file
Severity: High
Fixlet ID: 1605901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16059.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0257
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 23.0.1271.97 via vectors related to visibility events.
Severity: High
Fixlet ID: 1606401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16064.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5139
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to visibility events.

***************************************************************
Title: Buffer overflow in Apple QuickTime before 7.7.3 via a crafted rnet box in an MP4 movie file
Severity: High
Fixlet ID: 1606501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16065.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3756
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rnet box in an MP4 movie file.

***************************************************************
Title: CMarkup Use After Free Vulnerability - MS12-077
Severity: High
Fixlet ID: 1606601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16066.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4782
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "CMarkup Use After Free Vulnerability."

***************************************************************
Title: OpenType Font Parsing Vulnerability - MS12-078
Severity: High
Fixlet ID: 1606701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16067.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2556
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."

***************************************************************
Title: Integer overflow in Apple QuickTime before 7.7.1 on Windows via a crafted PICT file
Severity: High
Fixlet ID: 1607101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16071.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3247
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer overflow in Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT file.

***************************************************************
Title: Word RTF 'listoverridecount' Remote Code Execution Vulnerability - MS12-079
Severity: High
Fixlet ID: 1607301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16073.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2539
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "Word RTF 'listoverridecount' Remote Code Execution Vulnerability."

***************************************************************
Title: Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie composed of a Sorenson 3 video file
Severity: High
Fixlet ID: 1608501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16085.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0188
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie composed of a Sorenson 3 video file.

***************************************************************
Title: DirectPlay Heap Overflow Vulnerability - MS12-082
Severity: High
Fixlet ID: 1608601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16086.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1537
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."

***************************************************************
Title: Heap-based buffer overflow in Apple QuickTime before 7.7 via crafted STSC atoms in a QuickTime movie file
Severity: High
Fixlet ID: 1608901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16089.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0249
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSC atoms in a QuickTime movie file.

***************************************************************
Title: Integer overflow in Apple QuickTime before 7.7 via crafted track run atoms in a QuickTime movie file
Severity: High
Fixlet ID: 1609701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16097.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0256
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted track run atoms in a QuickTime movie file.

***************************************************************
Title: Heap-based buffer overflow in Apple QuickTime before 7.6.2 via a crafted FLC compression file
Severity: High
Fixlet ID: 1609801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16098.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0951
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC compression file.

***************************************************************
Title: Integer signedness error in Apple QuickTime before 7.6.9 via a crafted panorama atom in a QuickTime Virtual Reality (QTVR) movie file.
Severity: High
Fixlet ID: 1610501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16105.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3802
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer signedness error in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted panorama atom in a QuickTime Virtual Reality (QTVR) movie file.

***************************************************************
Title: Integer overflow in Apple QuickTime before 7.7.2 via a crafted sean atom in a movie file
Severity: High
Fixlet ID: 1611101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16111.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0670
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted sean atom in a movie file.

***************************************************************
Title: Revoked Certificate Bypass Vulnerability - MS12-083
Severity: Medium
Fixlet ID: 1611701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16117.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2549
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka "Revoked Certificate Bypass Vulnerability."

***************************************************************
Title: Buffer overflow in Apple QuickTime before 7.7.2 on Windows via a crafted movie file with Sorenson encoding
Severity: High
Fixlet ID: 1611901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16119.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0669
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.

***************************************************************
Title: Multiple buffer overflows in Apple QuickTime before 7.7.3 via a crafted style element in a QuickTime TeXML file
Severity: High
Fixlet ID: 1612101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16121.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3752
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime TeXML file.

***************************************************************
Title: Stack-based buffer overflow in the plugin in Apple QuickTime before 7.7.2 on Windows via a crafted QTMovie object
Severity: High
Fixlet ID: 1612301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16123.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0666
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Stack-based buffer overflow in the plugin in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTMovie object.

***************************************************************
Title: Heap-based buffer overflow in Apple QuickTime before 7.5.5 via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms
Severity: Medium
Fixlet ID: 1612401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16124.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3624
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms.

***************************************************************
Title: Buffer overflow in Apple QuickTime before 7.7.1 via a crafted movie file with FLC encoding
Severity: High
Fixlet ID: 1613001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16130.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3249
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding.

***************************************************************
Title: Heap-based buffer overflow in Apple QuickTime before 7.7 via crafted STSZ atoms in a QuickTime movie file
Severity: High
Fixlet ID: 1614301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16143.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0251
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSZ atoms in a QuickTime movie file.

***************************************************************
Title: Heap-based buffer overflow in Apple QuickTime before 7.7.2 on Windows via a crafted text track in a movie file
Severity: High
Fixlet ID: 1614801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16148.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0664
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text track in a movie file.

***************************************************************
Title: The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corru
Severity: Medium
Fixlet ID: 1615201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16152.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3626
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.

***************************************************************
Title: Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image
Severity: High
Fixlet ID: 1615501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16155.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0957
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.

***************************************************************
Title: RSS Feed May Cause Exchange DoS Vulnerability - MS12-080
Severity: Low
Fixlet ID: 1615801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16158.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4791
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."

***************************************************************
Title: Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue"
Severity: High
Fixlet ID: 1615901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16159.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0955
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue."

***************************************************************
Title: Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, w
Severity: High
Fixlet ID: 1616401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16164.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3627
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file.

***************************************************************
Title: Use-after-free vulnerability in the plugin in Apple QuickTime before 7.7.3 via an HTML document with a crafted _qtactivex_ parameter in an OBJECT element
Severity: High
Fixlet ID: 1616601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16166.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3751
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with a crafted _qtactivex_ parameter in an OBJECT element.

***************************************************************
Title: Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file
Severity: High
Fixlet ID: 1616701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16167.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3757
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file.

***************************************************************
Title: Stack-based buffer overflow in Apple QuickTime before 7.7.2 on Windows via a crafted pathname for a file
Severity: High
Fixlet ID: 1617001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16170.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0265
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Stack-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted pathname for a file.

***************************************************************
Title: Google Chrome before 23.0.1271.97 does not properly handle history navigation
Severity: High
Fixlet ID: 1617301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16173.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5142
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 23.0.1271.97 does not properly handle history navigation, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

***************************************************************
Title: Oracle Outside In Contains Multiple Exploitable Vulnerabilities-I MS12-080
Severity: Low
Fixlet ID: 1617801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16178.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3214
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.

***************************************************************
Title: Multiple stack-based buffer overflows in Apple QuickTime before 7.7 on Windows via a crafted H.264 movie.
Severity: High
Fixlet ID: 1618601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16186.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0247
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple stack-based buffer overflows in Apple QuickTime before 7.7 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie.

***************************************************************
Title: Integer overflow in Google Chrome before 23.0.1271.97 via vectors related to PPAPI image buffers
Severity: High
Fixlet ID: 1618701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16187.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5143
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer overflow in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PPAPI image buffers.

***************************************************************
Title: Apple QuickTime before 7.6.2 does not properly initialize memory before use in handling movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie containing a user data atom of size z
Severity: High
Fixlet ID: 1618801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16188.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0956
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Apple QuickTime before 7.6.2 does not properly initialize memory before use in handling movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie containing a user data atom of size zero.

***************************************************************
Title: Improper Ref Counting Use After Free Vulnerability - MS12-077
Severity: High
Fixlet ID: 1621101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16211.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4787
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref Counting Use After Free Vulnerability."

***************************************************************
Title: Integer overflow in Apple QuickTime before 7.6.9 via a crafted movie file
Severity: High
Fixlet ID: 1621801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16218.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4009
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.


