From winvulns-announcements at bigmail.bigfix.com  Wed Apr  9 05:20:17 2014
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Wed, 9 Apr 2014 05:20:17 -0700
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets
	Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID: <mailman.1334.1397046029.4586.winvulns-announcements@bigmail.bigfix.com>

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 356	Published: Wed, 09 Apr 2014 02:49:57  GMT

New Fixlets:
============

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3608)
Severity: High
Fixlet ID: 2347701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23477.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3608
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3681)
Severity: High
Fixlet ID: 2349601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23496.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3681
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Apple Safari vulnerability, which allows remote attackers to bypass authentication by leveraging an unattended workstation
Severity: Medium
Fixlet ID: 2358401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23584.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0680
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3636)
Severity: High
Fixlet ID: 2360201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23602.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3636
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Vulnerability in Apple Safari, which allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites
Severity: Medium
Fixlet ID: 2363501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23635.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0214
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3641)
Severity: High
Fixlet ID: 2366601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23666.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3641
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3639)
Severity: High
Fixlet ID: 2376901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23769.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3639
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3667)
Severity: High
Fixlet ID: 2378701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23787.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3667
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries
Severity: Medium
Fixlet ID: 2380301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23803.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1485
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3611)
Severity: High
Fixlet ID: 2381701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23817.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3611
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Vulnerability in Apple Safari 4.0.4 on Windows allows remote attackers to cause a denial of service
Severity: Medium
Fixlet ID: 2382701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23827.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0925
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the SRC attribute of a (1) IMG or (2) IFRAME element.

***************************************************************
Title: Integer overflow in the Type 1 font decoder in the FreeType engine in Foxit Reader before 4.0.0.0619 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font in a PDF document (CVE-2011-1908)
Severity: High
Fixlet ID: 2385101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23851.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1908
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer overflow in the Type 1 font decoder in the FreeType engine in Foxit Reader before 4.0.0.0619 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font in a PDF document.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2012-3632)
Severity: High
Fixlet ID: 2387201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23872.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3632
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

***************************************************************
Title: Foxit Reader JPEG2000 Header Decoding Memory Corruption Vulnerability (CVE-2009-0690)
Severity: High
Fixlet ID: 2387501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23875.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0690
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a negative value for the stream offset in a JPEG2000 (aka JPX) stream, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an out-of-bounds read.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3610)
Severity: High
Fixlet ID: 2393501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23935.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3610
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Foxit Reader authorization bypass vulnerability (CVE-2009-0836)
Severity: High
Fixlet ID: 2393801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23938.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0836
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote attackers to execute arbitrary programs and have unspecified other impact via a crafted file, as demonstrated by the "Open/Execute a file" action.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3596)
Severity: High
Fixlet ID: 2395101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23951.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3596
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution (CVE-2011-3078)
Severity: High
Fixlet ID: 2396701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23967.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3078
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3081.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 5.0 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages
Severity: Medium
Fixlet ID: 2397701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23977.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2264
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3678)
Severity: High
Fixlet ID: 2400801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24008.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3678
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3679)
Severity: High
Fixlet ID: 2401801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24018.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3679
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Vulnerability in the VirtualBox component in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8 when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server (CVE-2014-0983)
Severity: Medium
Fixlet ID: 2402601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24026.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0983
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted index, which are not properly handled by the (1) CR_VERTEXATTRIB4NUBARB_OPCODE to the crServerDispatchVertexAttrib4NubARB function, (2) CR_VERTEXATTRIB1DARB_OPCODE to the crServerDispatchVertexAttrib1dARB function, (3) CR_VERTEXATTRIB1FARB_OPCODE to the crServerDispatchVertexAttrib1fARB function, (4) CR_VERTEXATTRIB1SARB_OPCODE to the crServerDispatchVertexAttrib1sARB function, (5) CR_VERTEXATTRIB2DARB_OPCODE to the crServerDispatchVertexAttrib2dARB function, (6) CR_VERTEXATTRIB2FARB_OPCODE to the crServerDispatchVertexAttrib2fARB function, (7) CR_VERTEXATTRIB2SARB_OPCODE to the crServerDispatchVertexAttrib2sARB function, (8) CR_VERTEXATTRIB3DARB_OPCODE to the crServerDispatchVertexAttrib3dARB function, (9) CR_VERTEXATTRIB3FARB_OPCODE to the crServerDispatchVertexAttrib3fARB function, (10) CR_VERTEXATTRIB3SARB_OPCODE to the crServerDispatchVertexAttrib3sARB function, (11) CR_VERTEXATTRIB4DARB_OPCODE to the crServerDispatchVertexAttrib4dARB function, (12) CR_VERTEXATTRIB4FARB_OPCODE to the crServerDispatchVertexAttrib4fARB function, and (13) CR_VERTEXATTRIB4SARB_OPCODE to the crServerDispatchVertexAttrib4sARB function.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2013-1006)
Severity: High
Fixlet ID: 2403301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24033.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1006
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

***************************************************************
Title: Foxit Reader stack-based buffer overflow (CVE-2009-0837)
Severity: High
Fixlet ID: 2403401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24034.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0837
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the "Open/Execute a file" action.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-1520)
Severity: High
Fixlet ID: 2403901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24039.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1520
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute arbitrary local programs via a certain "/Type /Action /S /Launch" sequence, and (2) execute arbitrary programs embedded in a PDF document via an unspecified "/Launch /Action" sequence, 
Severity: High
Fixlet ID: 2405901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24059.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1239
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute arbitrary local programs via a certain "/Type /Action /S /Launch" sequence, and (2) execute arbitrary programs embedded in a PDF document via an unspecified "/Launch /Action" sequence, a related issue to CVE-2009-0836.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2012-3687)
Severity: High
Fixlet ID: 2406501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24065.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3687
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 does not properly handle drag-and-drop events
Severity: Medium
Fixlet ID: 2408001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24080.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3689
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2012-3621)
Severity: High
Fixlet ID: 2409001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24090.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3621
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2012-3607)
Severity: High
Fixlet ID: 2410001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24100.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3607
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

***************************************************************
Title: Foxit Reader JPEG2000 Header Decoding Memory Corruption Vulnerability (CVE-2009-0691)
Severity: High
Fixlet ID: 2410701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24107.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0691
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a fatal error during decoding of a JPEG2000 (aka JPX) header, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an invalid memory access.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3664)
Severity: High
Fixlet ID: 2411001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24110.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3664
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Vulnerability in the VirtualBox component in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8 when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server (CVE-2014-0981)
Severity: Medium
Fixlet ID: 2412001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24120.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0981
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption.  NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2013-1010)
Severity: High
Fixlet ID: 2412901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24129.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1010
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

***************************************************************
Title: Foxit Reader Insecure Library Loading (CVE-2011-3691)
Severity: High
Fixlet ID: 2413101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24131.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3691
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 allows local users to gain privileges via a Trojan horse dwmapi.dll, dwrite.dll, or msdrm.dll in the current working directory.

***************************************************************
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via 
Severity: High
Fixlet ID: 2414101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24141.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1486
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

***************************************************************
Title: WebKit vulnerability in Apple Safari, which makes it easier for remote web servers to track users via a cookie
Severity: Medium
Fixlet ID: 2414501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24145.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0640
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3595)
Severity: High
Fixlet ID: 2414601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24146.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3595
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3600)
Severity: High
Fixlet ID: 2414701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24147.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3600
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2013-1000)
Severity: High
Fixlet ID: 2415701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24157.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1000
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3682)
Severity: High
Fixlet ID: 2416101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24161.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3682
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3638)
Severity: High
Fixlet ID: 2416301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24163.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3638
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3618)
Severity: High
Fixlet ID: 2416501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24165.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3618
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3599)
Severity: High
Fixlet ID: 2416601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24166.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3599
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3591)
Severity: High
Fixlet ID: 2417101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24171.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3591
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-0682)
Severity: High
Fixlet ID: 2418701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24187.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0682
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3674)
Severity: High
Fixlet ID: 2419101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24191.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3674
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-0683)
Severity: High
Fixlet ID: 2419501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24195.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0683
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3630)
Severity: High
Fixlet ID: 2421001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24210.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3630
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3655)
Severity: High
Fixlet ID: 2421701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24217.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3655
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Untrusted search path vulnerability in facebook_plugin.fpi in the Facebook plug-in in Foxit Reader 5.3.1.0606 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that co
Severity: Medium
Fixlet ID: 2422201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24222.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4759
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in facebook_plugin.fpi in the Facebook plug-in in Foxit Reader 5.3.1.0606 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3665)
Severity: High
Fixlet ID: 2422401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24224.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3665
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3628)
Severity: High
Fixlet ID: 2423201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24232.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3628
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3683)
Severity: High
Fixlet ID: 2423401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24234.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3683
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3594)
Severity: High
Fixlet ID: 2423901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24239.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3594
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3646)
Severity: High
Fixlet ID: 2424601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24246.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3646
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3590)
Severity: High
Fixlet ID: 2424701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24247.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3590
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Severity: High
Fixlet ID: 2425001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24250.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1484
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

***************************************************************
Title: WebKit vulnerability in Apple Safari, which might allow remote web servers to capture credentials by logging the Authorization HTTP header
Severity: Medium
Fixlet ID: 2425101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24251.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0647
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3645)
Severity: High
Fixlet ID: 2425301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24253.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3645
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2013-0999)
Severity: High
Fixlet ID: 2425701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24257.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0999
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3670)
Severity: High
Fixlet ID: 2426401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24264.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3670
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2013-1003)
Severity: High
Fixlet ID: 2426601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24266.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1003
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3593)
Severity: High
Fixlet ID: 2426801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24268.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3593
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment
Severity: High
Fixlet ID: 2426901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24269.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0387
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2013-1008)
Severity: High
Fixlet ID: 2427001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24270.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1008
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2013-1001)
Severity: High
Fixlet ID: 2427101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24271.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1001
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3604)
Severity: High
Fixlet ID: 2427301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24273.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3604
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3610)
Severity: High
Fixlet ID: 2428101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24281.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3610
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3653)
Severity: High
Fixlet ID: 2429001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24290.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3653
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2013-1005)
Severity: High
Fixlet ID: 2429601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24296.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1005
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3668)
Severity: High
Fixlet ID: 2430201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24302.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3668
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Incomplete blacklist vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to spoof domain names in URLs
Severity: Medium
Fixlet ID: 2430501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24305.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3693
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Incomplete blacklist vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, by leveraging the availability of IDN support and Unicode fonts to construct unspecified homoglyphs.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3615)
Severity: High
Fixlet ID: 2430801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24308.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3615
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3620)
Severity: High
Fixlet ID: 2431001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24310.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3620
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3603)
Severity: High
Fixlet ID: 2431101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24311.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3603
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2013-1007)
Severity: High
Fixlet ID: 2431301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24313.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1007
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3633)
Severity: High
Fixlet ID: 2432001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24320.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3633
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3640)
Severity: High
Fixlet ID: 2432901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24329.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3640
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2012-3606)
Severity: High
Fixlet ID: 2433001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24330.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3606
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3663)
Severity: High
Fixlet ID: 2433301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24333.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3663
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information
Severity: Medium
Fixlet ID: 2433501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24335.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0166
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content.  NOTE: this might overlap CVE-2011-0778.

***************************************************************
Title: Foxit Reader PDF Handling Multiple Remote Vulnerabilities (CVE-2009-0191)
Severity: High
Fixlet ID: 2434101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24341.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0191
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 3.0.2009.1301, does not properly handle a JBIG2 symbol dictionary segment with zero new symbols, which allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a dereference of an uninitialized memory location.

***************************************************************
Title: WebKit vulnerability in Apple Safari, which might allow remote web servers to capture credentials
Severity: Medium
Fixlet ID: 2434601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24346.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0160
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values
Severity: Medium
Fixlet ID: 2434801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24348.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3691
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

***************************************************************
Title: WebKit vulnerability in Apple Safari, visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution (CVE-2011-3089)
Severity: High
Fixlet ID: 2435101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24351.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3089
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3597)
Severity: High
Fixlet ID: 2435601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24356.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3597
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Vulnerability in Apple Safari, which allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites
Severity: Medium
Fixlet ID: 2435701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24357.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0219
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts.

***************************************************************
Title: WebKit vulnerability in Apple Safari, visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution (CVE-2012-1521)
Severity: High
Fixlet ID: 2436201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24362.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1521
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3592)
Severity: High
Fixlet ID: 2436301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24363.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3592
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3626)
Severity: High
Fixlet ID: 2436401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24364.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3626
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3609)
Severity: High
Fixlet ID: 2436501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24365.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3609
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3644)
Severity: High
Fixlet ID: 2437101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24371.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3644
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3642)
Severity: High
Fixlet ID: 2437301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24373.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3642
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3634)
Severity: High
Fixlet ID: 2437401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24374.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3634
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3666)
Severity: High
Fixlet ID: 2437701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24377.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3666
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2013-1004)
Severity: High
Fixlet ID: 2437901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24379.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1004
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3589)
Severity: High
Fixlet ID: 2438201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24382.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3589
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3680)
Severity: High
Fixlet ID: 2438401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24384.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3680
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3625)
Severity: High
Fixlet ID: 2438801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24388.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3625
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3686)
Severity: High
Fixlet ID: 2438901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24389.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3686
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3669)
Severity: High
Fixlet ID: 2439001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24390.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3669
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution (CVE-2011-3086)
Severity: High
Fixlet ID: 2439301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24393.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3086
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a STYLE element.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3625)
Severity: High
Fixlet ID: 2439901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24399.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3625
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Vulnerability in the TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products
Severity: Low
Fixlet ID: 2440501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24405.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.

***************************************************************
Title: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deploym
Severity: High
Fixlet ID: 2440601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24406.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1487
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

***************************************************************
Title: WebKit vulnerability in Apple Safari, visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution (CVE-2011-3081)
Severity: High
Fixlet ID: 2441301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24413.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3081
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3078.

***************************************************************
Title: Foxit Reader before 5.3 on Windows XP and Windows 7 allows remote attackers to execute arbitrary code via a PDF document with a crafted attachment that triggers calculation of a negative number during processing of cross references (CVE-2012-4337)
Severity: High
Fixlet ID: 2441401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24414.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4337
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Foxit Reader before 5.3 on Windows XP and Windows 7 allows remote attackers to execute arbitrary code via a PDF document with a crafted attachment that triggers calculation of a negative number during processing of cross references.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3629)
Severity: High
Fixlet ID: 2441501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24415.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3629
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3605)
Severity: High
Fixlet ID: 2441701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24417.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3605
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2012-3701)
Severity: High
Fixlet ID: 2442401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24424.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3701
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2013-1002)
Severity: High
Fixlet ID: 2442601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24426.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1002
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3656)
Severity: High
Fixlet ID: 2442901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24429.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3656
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3661)
Severity: High
Fixlet ID: 2443001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24430.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3661
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors
Severity: Medium
Fixlet ID: 2443401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24434.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0676
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service
Severity: Medium
Fixlet ID: 2443501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24435.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3748
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.

***************************************************************
Title: Integer overflow in Foxit Reader before 4.3.1.0218 and Foxit Phantom before 2.3.3.1112 allows remote attackers to execute arbitrary code via crafted ICC chunks in a PDF file, which triggers a heap-based buffer overflow (CVE-2011-0332)
Severity: High
Fixlet ID: 2444301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24443.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0332
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer overflow in Foxit Reader before 4.3.1.0218 and Foxit Phantom before 2.3.3.1112 allows remote attackers to execute arbitrary code via crafted ICC chunks in a PDF file, which triggers a heap-based buffer overflow.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2012-5112)
Severity: High
Fixlet ID: 2445101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24451.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5112
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3637)
Severity: High
Fixlet ID: 2445201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24452.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3637
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3627)
Severity: High
Fixlet ID: 2445601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24456.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3627
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3635)
Severity: High
Fixlet ID: 2445901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24459.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3635
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: JavaScript vulnerability in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method
Severity: Medium
Fixlet ID: 2446001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24460.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5070
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264.  NOTE: this may overlap CVE-2010-5073.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3631)
Severity: High
Fixlet ID: 2446301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24463.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3631
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Vulnerability in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service
Severity: Medium
Fixlet ID: 2446701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24467.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0924
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROUND attribute of a BODY element.

***************************************************************
Title: Vulnerability in Apple Safari, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site
Severity: Medium
Fixlet ID: 2448601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24486.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0314
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value.


From winvulns-announcements at bigmail.bigfix.com  Tue Apr 15 05:20:16 2014
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Tue, 15 Apr 2014 05:20:16 -0700
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets
	Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID: <mailman.347.1397564426.1874.winvulns-announcements@bigmail.bigfix.com>

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 357	Published: Tue, 15 Apr 2014 01:12:39  GMT

New Fixlets:
============

***************************************************************
Title: Word RTF memory corruption vulnerability (CVE-2014-1761) - MS14-017
Severity: High
Fixlet ID: 2398301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23983.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1761
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.

***************************************************************
Title: Apache HTTP vulnerability before 2.2.27 or before 2.4.8 in VisualSVN Server (CVE-2014-0098)
Severity: Medium
Fixlet ID: 2410101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24101.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0098
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.

***************************************************************
Title: Internet Explorer memory corruption vulnerability (CVE-2014-1751) - MS14-018
Severity: High
Fixlet ID: 2421801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24218.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1751
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0235 and CVE-2014-1755.

***************************************************************
Title: The TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read
Severity: Medium
Fixlet ID: 2424101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24241.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

***************************************************************
Title: Microsoft Office file format converter vulnerability (CVE-2014-1757) - MS14-017
Severity: High
Fixlet ID: 2431801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24318.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1757
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility Pack SP3, allocates memory incorrectly for file conversions from a binary (aka .doc) format to a newer format, which allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office File Format Converter Vulnerability."

***************************************************************
Title: Microsoft Word stack overflow vulnerability (CVE-2014-1758) - MS14-017
Severity: High
Fixlet ID: 2435801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24358.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1758
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Stack-based buffer overflow in Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Word Stack Overflow Vulnerability."

***************************************************************
Title: Internet Explorer memory corruption vulnerability (CVE-2014-1753) - MS14-018
Severity: High
Fixlet ID: 2438101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24381.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1753
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

***************************************************************
Title: Windows file handling vulnerability - CVE-2014-0315 (MS14-019)
Severity: High
Fixlet ID: 2444201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24442.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0315
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse cmd.exe file in the current working directory, as demonstrated by a directory that contains a .bat or .cmd file, aka "Windows File Handling Vulnerability."

***************************************************************
Title: Arbitrary pointer dereference vulnerability - CVE-2014-1759 (MS14-020)
Severity: High
Fixlet ID: 2452401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24524.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1759
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: pubconv.dll in Microsoft Publisher 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via a crafted .pub file, aka "Arbitrary Pointer Dereference Vulnerability."

***************************************************************
Title: Internet Explorer memory corruption vulnerability (CVE-2014-1760) - MS14-018
Severity: High
Fixlet ID: 2453101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24531.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1760
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

***************************************************************
Title: Internet Explorer memory corruption vulnerability (CVE-2014-1752) - MS14-018
Severity: High
Fixlet ID: 2455101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24551.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1752
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

***************************************************************
Title: Internet Explorer memory corruption vulnerability (CVE-2014-1755) - MS14-018
Severity: High
Fixlet ID: 2459001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24590.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1755
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0235 and CVE-2014-1751.

***************************************************************
Title: Internet Explorer memory corruption vulnerability (CVE-2014-0235) - MS14-018
Severity: High
Fixlet ID: 2462901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24629.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0235
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1751 and CVE-2014-1755.


From winvulns-announcements at bigmail.bigfix.com  Tue Apr 22 05:20:17 2014
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Tue, 22 Apr 2014 05:20:17 -0700
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets
	Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID: <mailman.1224.1398169228.1874.winvulns-announcements@bigmail.bigfix.com>

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 358	Published: Mon, 21 Apr 2014 21:04:50  GMT

New Fixlets:
============

***************************************************************
Title: Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors
Severity: High
Fixlet ID: 2396301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23963.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4995
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.

***************************************************************
Title: Cross-site scripting vulnerability in Adobe Flash Player which less then 12.0.0.77 and less then 11.7.700.275 and Adobe AIR before 13.0.0.83
Severity: Medium
Fixlet ID: 2436801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24368.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0509
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows, Adobe AIR before 13.0.0.83 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

***************************************************************
Title: Vulnerability in Adobe Flash Player which less then 12.0.0.77 and less then 11.7.700.275 and Adobe AIR before 13.0.0.83
Severity: Medium
Fixlet ID: 2456101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24561.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0508
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows, Adobe AIR before 13.0.0.83 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.

***************************************************************
Title: Buffer overflow vulnerability in Adobe Flash Player which less then 12.0.0.77 and less then 11.7.700.275 and Adobe AIR before 13.0.0.83
Severity: High
Fixlet ID: 2461301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24613.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0507
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows, Adobe AIR before 13.0.0.83 allows attackers to execute arbitrary code via unspecified vectors.


From winvulns-announcements at bigmail.bigfix.com  Tue Apr 29 05:20:16 2014
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Tue, 29 Apr 2014 05:20:16 -0700
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets
	Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID: <mailman.2231.1398774026.1874.winvulns-announcements@bigmail.bigfix.com>

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 359	Published: Tue, 29 Apr 2014 01:37:53  GMT

New Fixlets:
============

***************************************************************
Title: The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted docum
Severity: Low
Fixlet ID: 2371601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23716.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1504
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart.

***************************************************************
Title: Multiple unspecified vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1729)
Severity: High
Fixlet ID: 2371801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23718.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1729
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, as used in Google Chrome before 34.0.1847.116, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

***************************************************************
Title: The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same O
Severity: High
Fixlet ID: 2374401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23744.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1505
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693.

***************************************************************
Title: Multiple unspecified vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1728)
Severity: High
Fixlet ID: 2382901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23829.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1728
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

***************************************************************
Title: Vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1726)
Severity: Medium
Fixlet ID: 2394401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23944.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1726
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1720)
Severity: High
Fixlet ID: 2398801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23988.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1720
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElement.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attributes.

***************************************************************
Title: The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to tri
Severity: High
Fixlet ID: 2401701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24017.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1510
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.

***************************************************************
Title: Cross-site scripting vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1716)
Severity: High
Fixlet ID: 2413001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24130.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1716
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."

***************************************************************
Title: The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified ve
Severity: High
Fixlet ID: 2414401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24144.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1502
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.

***************************************************************
Title: Vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1725)
Severity: Medium
Fixlet ID: 2420701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24207.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1725
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call.

***************************************************************
Title: Vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1717)
Severity: High
Fixlet ID: 2424301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24243.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1717
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1722)
Severity: High
Fixlet ID: 2427801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24278.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1722
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the RenderBlock::addChildIgnoringAnonymousColumnBlocks function in core/rendering/RenderBlock.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving addition of a child node.

***************************************************************
Title: Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.
Severity: High
Fixlet ID: 2444701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24447.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1511
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.

***************************************************************
Title: Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution.
Severity: Medium
Fixlet ID: 2447701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24477.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1500
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution.

***************************************************************
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknow
Severity: High
Fixlet ID: 2449001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24490.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1494
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

***************************************************************
Title: Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.
Severity: Medium
Fixlet ID: 2449701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24497.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1499
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.

***************************************************************
Title: The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a de
Severity: High
Fixlet ID: 2450001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24500.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1497
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file.

***************************************************************
Title: Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering 
Severity: High
Fixlet ID: 2451201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24512.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1512
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects.

***************************************************************
Title: The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of serv
Severity: High
Fixlet ID: 2451901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24519.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1508
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1724)
Severity: High
Fixlet ID: 2453201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24532.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1724
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatcher 0.7.1, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service (application hang) or possibly have unspecified other impact via a text-to-speech request.

***************************************************************
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and applicat
Severity: High
Fixlet ID: 2453401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24534.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1493
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

***************************************************************
Title: Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors
Severity: High
Fixlet ID: 2453801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24538.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0512
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1727)
Severity: High
Fixlet ID: 2454601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24546.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1727
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in content/renderer/renderer_webcolorchooser_impl.h in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to forms.

***************************************************************
Title: Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a craft
Severity: High
Fixlet ID: 2454901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24549.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1509
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF document.

***************************************************************
Title: Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.
Severity: High
Fixlet ID: 2457001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24570.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1496
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.

***************************************************************
Title: TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute a
Severity: High
Fixlet ID: 2457101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24571.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1513
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based out-of-bounds write or read) via a crafted web site.

***************************************************************
Title: Vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1723)
Severity: High
Fixlet ID: 2459401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24594.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1723
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle bidirectional Internationalized Resource Identifiers (IRIs), which makes it easier for remote attackers to spoof URLs via crafted use of right-to-left (RTL) Unicode text.

***************************************************************
Title: Vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1721)
Severity: High
Fixlet ID: 2460201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24602.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1721
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by improper handling of a heap allocation of a number outside the Small Integer (aka smi) range.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1719)
Severity: High
Fixlet ID: 2460801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24608.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1719
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworker_stub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger a SharedWorker termination during script loading.

***************************************************************
Title: The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generatio
Severity: Medium
Fixlet ID: 2461701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24617.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1498
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.

***************************************************************
Title: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10
Severity: Medium
Fixlet ID: 2461801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24618.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2441
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.

***************************************************************
Title: vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute
Severity: High
Fixlet ID: 2462501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24625.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1514
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class.

***************************************************************
Title: Use-after-free vulnerability in Adobe Flash Player which less then 12.0.0.77 and less then 11.7.700.275 and Adobe AIR before 13.0.0.83
Severity: High
Fixlet ID: 2465701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24657.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0506
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK &amp; Compiler before 13.0.0.83 allows remote attackers to execute arbitrary code, and possibly bypass an Internet Explorer sandbox protection mechanism, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.

***************************************************************
Title: Heap-based buffer overflow in Adobe Reader 11.0.06 allows remote attackers to execute arbitrary code via unspecified vectors
Severity: High
Fixlet ID: 2466101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24661.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0511
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in Adobe Reader 11.0.06 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.

***************************************************************
Title: Vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1718)
Severity: High
Fixlet ID: 2466901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24669.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1718
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_host/software_frame_manager.cc in the software compositor in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted mapping of a large amount of renderer memory.