[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Wed Jan 23 05:21:30 PST 2013


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 327    Published: Tue, 22 Jan 2013 20:57:00 GMT

New Fixlets:
============

***************************************************************
Title: MSXML XSLT Vulnerability - MS13-002
Severity: High
Fixlet ID: 1545801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval15458.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0007
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."

***************************************************************
Title: Double Construction Vulnerability - MS13-004
Severity: High
Fixlet ID: 1633901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16339.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0004
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."

***************************************************************
Title: S.DS.P Buffer Overflow Vulnerability - MS13-004
Severity: High
Fixlet ID: 1638101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16381.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0003
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."


