[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Wed Aug 20 05:20:20 PDT 2014
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 394 Published: Tue, 19 Aug 2014 18:05:08 GMT
New Fixlets:
============
***************************************************************
Title: Internet Explorer memory corruption vulnerability (CVE-2014-0325) - MS14-018
Severity: High
Fixlet ID: 2623401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26234.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0325
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that triggers improper processing of CElement objects, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1751 and CVE-2014-1755. NOTE: MS14-018 originally had a typo of CVE-2014-0235 for this.
***************************************************************
Title: Microsoft Internet Explorer contains a flaw that may allow bypassing the elevation policy checks in the Enhanced Protected Mode and Protected Mode mechanisms - CVE-2013-4015 (MS13-055)
Severity: Medium
Fixlet ID: 2635501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26355.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4015
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 10 allows local users to bypass the elevation policy check in the (1) Protected Mode or (2) Enhanced Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code.
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2782) - MS14-035
Severity: High
Fixlet ID: 2637601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26376.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2782
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.
More information about the WinVulns-Announcements
mailing list