From winvulns-announcements at bigmail.bigfix.com Tue Feb 11 05:20:33 2014
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Tue, 11 Feb 2014 05:20:33 -0800
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 348
Published: Mon, 10 Feb 2014 23:21:54 GMT

New Fixlets:
============
***************************************************************
Title: Vulnerability in Google Chrome before 32.0.1700.102 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors that trigger incorrect handling of "popular pages"
Severity: High
Fixlet ID: 2202801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22028.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6650
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors that trigger incorrect handling of "popular pages."
***************************************************************
Title: Vulnerability in Google Chrome before 32.0.1700.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a zero-size SVG image
Severity: High
Fixlet ID: 2208201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22082.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6649
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in the RenderSVGImage::paint function in core/rendering/svg/RenderSVGImage.cpp in Blink, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a zero-size SVG image.
***************************************************************
Title: Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact
Severity: High
Fixlet ID: 2209401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22094.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6646
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the shutting down of a worker process.
***************************************************************
Title: Vulnerability in Google Chrome before 32.0.1700.76 on Windows allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog
Severity: High
Fixlet ID: 2227201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22272.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6643
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog.
***************************************************************
Title: Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows allow attackers to cause a denial of service or possibly have other impact via unknown vectors
Severity: High
Fixlet ID: 2230701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22307.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6644
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
***************************************************************
Title: Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors
Severity: High
Fixlet ID: 2232201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22322.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1681
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors, related to 12 "security fixes [that were not] either contributed by external researchers or particularly interesting."
***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 32.0.1700.76 on Windows allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog
Severity: High
Fixlet ID: 2234001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22340.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6641
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of the past names map of a FORM element.
***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 32.0.1700.76 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact
Severity: High
Fixlet ID: 2236701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22367.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6645
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving certain print-preview and tab-switch actions that interact with a speech input element.
***************************************************************
Title: Unspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.
Severity: Low
Fixlet ID: 2240901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22409.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5892
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.
From winvulns-announcements at bigmail.bigfix.com Tue Feb 18 05:20:18 2014
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Tue, 18 Feb 2014 05:20:18 -0800
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 349
Published: Tue, 18 Feb 2014 02:08:17 GMT

New Fixlets:
============
***************************************************************
Title: Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows allows remote attackers to execute arbitrary code via unspecified vectors (CVE-2014-0497)
Severity: High
Fixlet ID: 2243601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22436.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0497
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
From winvulns-announcements at bigmail.bigfix.com Wed Feb 26 05:20:44 2014
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Wed, 26 Feb 2014 05:20:44 -0800
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 350
Published: Tue, 25 Feb 2014 21:11:55 GMT

New Fixlets:
============
***************************************************************
Title: TCP/IP version 6 (IPv6) denial of service vulnerability (CVE-2014-0254) - MS14-006
Severity: High
Fixlet ID: 2156201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval21562.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0254
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The IPv6 implementation in Microsoft Windows 8, Windows Server 2012, and Windows RT does not properly validate packets, which allows remote attackers to cause a denial of service (system hang) via crafted ICMPv6 Router Advertisement packets, aka "TCP/IP Version 6 (IPv6) Denial of Service Vulnerability."
***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0290) - MS14-010
Severity: High
Fixlet ID: 2171701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval21717.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0290
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0267 and CVE-2014-0289.
***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0275) - MS14-010
Severity: High
Fixlet ID: 2183101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval21831.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0275
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0285 and CVE-2014-0286.
***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0272) - MS14-010
Severity: High
Fixlet ID: 2199801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval21998.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0272
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0280) - MS14-010
Severity: High
Fixlet ID: 2200001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22000.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0280
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: VBScript Memory Corruption Vulnerability (CVE-2014-0271) - MS14-010, MS14-011
Severity: High
Fixlet ID: 2206501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22065.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0271
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The VBScript engine in Microsoft Internet Explorer 6 through 11, and VBScript 5.6 through 5.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."
***************************************************************
Title: VSAVB7RT ASLR Vulnerability (CVE-2014-0295) - MS14-009
Severity: Medium
Fixlet ID: 2215801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22158.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0295
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in February 2014, aka "VSAVB7RT ASLR Vulnerability."
***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0277) - MS14-010
Severity: High
Fixlet ID: 2222101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22221.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0277
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0278 and CVE-2014-0279.
***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0279) - MS14-010
Severity: High
Fixlet ID: 2223001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22230.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0279
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0277 and CVE-2014-0278.
***************************************************************
Title: POST Request DoS Vulnerability (CVE-2014-0253) - MS14-009
Severity: Medium
Fixlet ID: 2228301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22283.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0253
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or (2) closed connection, as exploited in the wild in February 2014, aka "POST Request DoS Vulnerability."
***************************************************************
Title: Internet Explorer Cross-domain Information Disclosure Vulnerability - CVE-2014-0293 - MS14-010
Severity: Medium
Fixlet ID: 2231401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22314.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0293
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."
***************************************************************
Title: Vulnerability in Microsoft XML Core Services could allow information disclosure (CVE-2014-0266) - MS14-005
Severity: High
Fixlet ID: 2232601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22326.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0266
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to bypass the Same Origin Policy via a web page that is visited in Internet Explorer, aka "MSXML Information Disclosure Vulnerability."
***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0270) - MS14-010
Severity: High
Fixlet ID: 2233501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22335.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0270
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0273, CVE-2014-0274, and CVE-2014-0288.
***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0274) - MS14-010
Severity: High
Fixlet ID: 2233801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22338.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0274
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0270, CVE-2014-0273, and CVE-2014-0288.
***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0276) - MS14-010
Severity: High
Fixlet ID: 2236501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22365.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0276
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0269) - MS14-010
Severity: High
Fixlet ID: 2238101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22381.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0269
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0273) - MS14-010
Severity: High
Fixlet ID: 2238501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22385.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0273
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0270, CVE-2014-0274, and CVE-2014-0288.
***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0283) - MS14-010
Severity: High
Fixlet ID: 2239801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22398.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0283
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0289) - MS14-010
Severity: High
Fixlet ID: 2241301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22413.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0289
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0267 and CVE-2014-0290.
***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0281) - MS14-010
Severity: High
Fixlet ID: 2244301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22443.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0281
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0287.
***************************************************************
Title: Microsoft graphics component memory corruption vulnerability (CVE-2014-0263) - MS14-007
Severity: High
Fixlet ID: 2245601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22456.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0263
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Direct2D implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a large 2D geometric figure that is encountered with Internet Explorer, aka "Microsoft Graphics Component Memory Corruption Vulnerability."
***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0287) - MS14-010
Severity: High
Fixlet ID: 2246401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22464.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0287
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0281.
***************************************************************
Title: Internet Explorer Elevation of Privilege Vulnerability (CVE-2014-0268) - MS14-010
Severity: Medium
Fixlet ID: 2246501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22465.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0268
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 through 11 does not properly restrict file installation and registry-key creation, which allows remote attackers to bypass the Mandatory Integrity Control protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
***************************************************************
Title: Type Traversal Vulnerability (CVE-2014-0257) - MS14-009
Severity: High
Fixlet ID: 2247201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22472.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0257
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka "Type Traversal Vulnerability."
***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0288) - MS14-010
Severity: High
Fixlet ID: 2248101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22481.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0288
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0270, CVE-2014-0273, and CVE-2014-0274.
***************************************************************
Title: RCE Vulnerability (CVE-2014-0294) - MS14-008
Severity: High
Fixlet ID: 2250201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22502.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0294
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Forefront Protection 2010 for Exchange Server does not properly parse e-mail content, which might allow remote attackers to execute arbitrary code via a crafted message, aka "RCE Vulnerability."
***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0284) - MS14-010
Severity: High
Fixlet ID: 2250901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22509.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0284
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0286) - MS14-010
Severity: High
Fixlet ID: 2251001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22510.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0286
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0275 and CVE-2014-0285.
***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0278) - MS14-010
Severity: High
Fixlet ID: 2251601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22516.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0278
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0277 and CVE-2014-0279.
***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0267) - MS14-010
Severity: High
Fixlet ID: 2254601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22546.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0267
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0289 and CVE-2014-0290.
***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0285) - MS14-010
Severity: High
Fixlet ID: 2255901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22559.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0285
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0275 and CVE-2014-0286.