[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Tue Feb 11 05:20:33 PST 2014


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 348
Published: Mon, 10 Feb 2014 23:21:54 GMT

New Fixlets:
============

***************************************************************
Title: Vulnerability in Google Chrome before 32.0.1700.102 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors that trigger incorrect handling of "popular pages"
Severity: High
Fixlet ID: 2202801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22028.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6650
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors that trigger incorrect handling of "popular pages."

***************************************************************
Title: Vulnerability in Google Chrome before 32.0.1700.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a zero-size SVG image
Severity: High
Fixlet ID: 2208201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22082.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6649
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the RenderSVGImage::paint function in core/rendering/svg/RenderSVGImage.cpp in Blink, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a zero-size SVG image.

***************************************************************
Title: Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact
Severity: High
Fixlet ID: 2209401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22094.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6646
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the shutting down of a worker process.

***************************************************************
Title: Vulnerability in Google Chrome before 32.0.1700.76 on Windows allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog
Severity: High
Fixlet ID: 2227201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22272.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6643
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog.

***************************************************************
Title: Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows allow attackers to cause a denial of service or possibly have other impact via unknown vectors
Severity: High
Fixlet ID: 2230701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22307.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6644
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

***************************************************************
Title: Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors
Severity: High
Fixlet ID: 2232201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22322.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1681
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors, related to 12 "security fixes [that were not] either contributed by external researchers or particularly interesting."

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 32.0.1700.76 on Windows allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog
Severity: High
Fixlet ID: 2234001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22340.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6641
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of the past names map of a FORM element.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 32.0.1700.76 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact
Severity: High
Fixlet ID: 2236701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22367.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6645
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving certain print-preview and tab-switch actions that interact with a speech input element.

***************************************************************
Title: Unspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.
Severity: Low
Fixlet ID: 2240901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22409.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5892
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.


