[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Fri Aug 29 05:20:17 PDT 2014
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 396 Published: Thu, 28 Aug 2014 18:26:34 GMT
New Fixlets:
============
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2823 (MS14-051)
Severity: High
Fixlet ID: 2595401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25954.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2823
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, and CVE-2014-4057.
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2808 (MS14-051)
Severity: High
Fixlet ID: 2596201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25962.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2808
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2796, CVE-2014-2825, CVE-2014-4050, CVE-2014-4055, and CVE-2014-4067.
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2820 (MS14-051)
Severity: High
Fixlet ID: 2599701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25997.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2820
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2774, CVE-2014-2826, CVE-2014-2827, and CVE-2014-4063.
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2811 (MS14-051)
Severity: High
Fixlet ID: 2600101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26001.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2811
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2810, CVE-2014-2822, CVE-2014-2823, and CVE-2014-4057.
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2824 (MS14-051)
Severity: High
Fixlet ID: 2604301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26043.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2824
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-4057 (MS14-051)
Severity: High
Fixlet ID: 2607301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26073.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4057
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, and CVE-2014-2823.
***************************************************************
Title: OneNote remote code execution vulnerability - CVE-2014-2815 (MS14-048)
Severity: High
Fixlet ID: 2608901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26089.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2815
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Execution Vulnerability."
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-4051 (MS14-051)
Severity: High
Fixlet ID: 2609201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26092.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4051
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2784.
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2827 (MS14-051)
Severity: High
Fixlet ID: 2610901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26109.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2827
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2774, CVE-2014-2820, CVE-2014-2826, and CVE-2014-4063.
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-4063 (MS14-051)
Severity: High
Fixlet ID: 2612001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26120.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4063
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2774, CVE-2014-2820, CVE-2014-2826, and CVE-2014-2827.
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2826 (MS14-051)
Severity: High
Fixlet ID: 2612101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26121.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2826
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2774, CVE-2014-2820, CVE-2014-2827, and CVE-2014-4063.
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-4067 (MS14-051)
Severity: High
Fixlet ID: 2612701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26127.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4067
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-2825, CVE-2014-4050, and CVE-2014-4055.
***************************************************************
Title: Windows kernel pool allocation vulnerability - CVE-2014-4064 (MS14-045)
Severity: Medium
Fixlet ID: 2613601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26136.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4064
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly handle use of the paged kernel pool for allocation of uninitialized memory, which allows local users to obtain sensitive information about kernel addresses via a crafted application, aka "Windows Kernel Pool Allocation Vulnerability."
***************************************************************
Title: SQL master data services XSS vulnerability - CVE-2014-1820 (MS14-044)
Severity: Medium
Fixlet ID: 2614501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26145.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1820
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Cross-site scripting (XSS) vulnerability in Master Data Services (MDS) in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "SQL Master Data Services XSS Vulnerability."
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2825 (MS14-051)
Severity: High
Fixlet ID: 2615801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26158.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2825
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-4050, CVE-2014-4055, and CVE-2014-4067.
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-4055 (MS14-051)
Severity: High
Fixlet ID: 2616401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26164.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4055
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-2825, CVE-2014-4050, and CVE-2014-4067.
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2796 (MS14-051)
Severity: High
Fixlet ID: 2622701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26227.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2796
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2808, CVE-2014-2825, CVE-2014-4050, CVE-2014-4055, and CVE-2014-4067.
***************************************************************
Title: LRPC ASLR Bypass Vulnerability - CVE-2014-0316 (MS14-047)
Severity: High
Fixlet ID: 2624201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26242.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0316
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Memory leak in the Local RPC (LRPC) server implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (memory consumption) and bypass the ASLR protection mechanism via a crafted client that sends messages with an invalid data view, aka "LRPC ASLR Bypass Vulnerability."
***************************************************************
Title: CSyncBasePlayer use after free vulnerability - CVE-2014-4060 (MS14-043)
Severity: Medium
Fixlet ID: 2627501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26275.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4060
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Media Center TV Pack for Windows Vista, Windows 7 SP1, and Windows Media Center for Windows 8 and 8.1 allows remote attackers to execute arbitrary code via a crafted Office document that triggers deletion of a CSyncBasePlayer object, aka "CSyncBasePlayer Use After Free Vulnerability."
***************************************************************
Title: Microsoft SQL Server stack overrun vulnerability - CVE-2014-4061 (MS14-044)
Severity: Medium
Fixlet ID: 2628701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26287.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4061
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denial of service (daemon hang) via a crafted T-SQL statement, aka "Microsoft SQL Server Stack Overrun Vulnerability."
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-4050 (MS14-051)
Severity: High
Fixlet ID: 2628801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26288.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4050
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-2825, CVE-2014-4055, and CVE-2014-4067.
***************************************************************
Title: SharePoint Page Content Vulnerability (CVE-2014-2816) - MS14-050
Severity: High
Fixlet ID: 2630001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26300.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2816
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remote authenticated users to gain privileges via a Trojan horse app that executes a custom action in the context of the SharePoint extensibility model, aka "SharePoint Page Content Vulnerability."
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2819 (MS14-051)
Severity: Medium
Fixlet ID: 2630501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26305.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2819
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2817 (MS14-051)
Severity: Medium
Fixlet ID: 2630601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26306.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2817
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-4052 (MS14-051)
Severity: High
Fixlet ID: 2632101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26321.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4052
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Font Double-Fetch vulnerability - CVE-2014-1819 (MS14-045)
Severity: High
Fixlet ID: 2632201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26322.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1819
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly control access to objects associated with font files, which allows local users to gain privileges via a crafted file, aka "Font Double-Fetch Vulnerability."
***************************************************************
Title: Windows installer repair vulnerability - CVE-2014-1814 (MS14-049)
Severity: High
Fixlet ID: 2634101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26341.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1814
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows Installer in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application that invokes the repair feature for a different application, aka "Windows Installer Repair Vulnerability."
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2821 (MS14-051)
Severity: High
Fixlet ID: 2635801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26358.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2821
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-4058 (MS14-051)
Severity: High
Fixlet ID: 2639401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26394.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4058
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2822 (MS14-051)
Severity: High
Fixlet ID: 2639801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26398.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2822
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2823, and CVE-2014-4057.
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2810 (MS14-051)
Severity: High
Fixlet ID: 2639901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26399.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2810
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2811, CVE-2014-2822, CVE-2014-2823, and CVE-2014-4057.
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2784 (MS14-051)
Severity: High
Fixlet ID: 2640001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26400.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2784
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4051.
***************************************************************
Title: Win32k Elevation of Privilege vulnerability - CVE-2014-0318 (MS14-045)
Severity: High
Fixlet ID: 2644201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26442.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0318
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly control access to thread-owned objects, which allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2818 (MS14-051)
Severity: High
Fixlet ID: 2645201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26452.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2818
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: .NET ASLR vulnerability - CVE-2014-4062 (MS14-046)
Severity: Medium
Fixlet ID: 2646501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26465.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4062
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1 does not properly implement the ASLR protection mechanism, which allows remote attackers to obtain sensitive address information via a crafted web site, aka ".NET ASLR Vulnerability."
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2774 (MS14-051)
Severity: High
Fixlet ID: 2646701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26467.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2774
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2820, CVE-2014-2826, CVE-2014-2827, and CVE-2014-4063.
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-4056 (MS14-051)
Severity: High
Fixlet ID: 2647901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26479.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4056
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
More information about the WinVulns-Announcements
mailing list