[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Wed Feb 26 05:20:44 PST 2014


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 350	Published: Tue, 25 Feb 2014 21:11:55 GMT

New Fixlets:
============

***************************************************************
Title: TCP/IP version 6 (IPv6) denial of service vulnerability (CVE-2014-0254) - MS14-006
Severity: High
Fixlet ID: 2156201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval21562.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0254
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The IPv6 implementation in Microsoft Windows 8, Windows Server 2012, and Windows RT does not properly validate packets, which allows remote attackers to cause a denial of service (system hang) via crafted ICMPv6 Router Advertisement packets, aka "TCP/IP Version 6 (IPv6) Denial of Service Vulnerability."

***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0290) - MS14-010
Severity: High
Fixlet ID: 2171701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval21717.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0290
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0267 and CVE-2014-0289.

***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0275) - MS14-010
Severity: High
Fixlet ID: 2183101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval21831.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0275
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0285 and CVE-2014-0286.

***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0272) - MS14-010
Severity: High
Fixlet ID: 2199801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval21998.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0272
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0280) - MS14-010
Severity: High
Fixlet ID: 2200001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22000.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0280
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

***************************************************************
Title: VBScript Memory Corruption Vulnerability (CVE-2014-0271) - MS14-010, MS14-011
Severity: High
Fixlet ID: 2206501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22065.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0271
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The VBScript engine in Microsoft Internet Explorer 6 through 11, and VBScript 5.6 through 5.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."

***************************************************************
Title: VSAVB7RT ASLR Vulnerability (CVE-2014-0295) - MS14-009
Severity: Medium
Fixlet ID: 2215801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22158.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0295
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in February 2014, aka "VSAVB7RT ASLR Vulnerability."

***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0277) - MS14-010
Severity: High
Fixlet ID: 2222101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22221.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0277
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0278 and CVE-2014-0279.

***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0279) - MS14-010
Severity: High
Fixlet ID: 2223001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22230.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0279
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0277 and CVE-2014-0278.

***************************************************************
Title: POST Request DoS Vulnerability (CVE-2014-0253) - MS14-009
Severity: Medium
Fixlet ID: 2228301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22283.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0253
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or (2) closed connection, as exploited in the wild in February 2014, aka "POST Request DoS Vulnerability."

***************************************************************
Title: Internet Explorer Cross-domain Information Disclosure Vulnerability - CVE-2014-0293 - MS14-010
Severity: Medium
Fixlet ID: 2231401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22314.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0293
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."

***************************************************************
Title: Vulnerability in Microsoft XML Core Services could allow information disclosure (CVE-2014-0266) - MS14-005
Severity: High
Fixlet ID: 2232601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22326.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0266
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to bypass the Same Origin Policy via a web page that is visited in Internet Explorer, aka "MSXML Information Disclosure Vulnerability."

***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0270) - MS14-010
Severity: High
Fixlet ID: 2233501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22335.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0270
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0273, CVE-2014-0274, and CVE-2014-0288.

***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0274) - MS14-010
Severity: High
Fixlet ID: 2233801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22338.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0274
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0270, CVE-2014-0273, and CVE-2014-0288.

***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0276) - MS14-010
Severity: High
Fixlet ID: 2236501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22365.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0276
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0269) - MS14-010
Severity: High
Fixlet ID: 2238101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22381.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0269
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0273) - MS14-010
Severity: High
Fixlet ID: 2238501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22385.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0273
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0270, CVE-2014-0274, and CVE-2014-0288.

***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0283) - MS14-010
Severity: High
Fixlet ID: 2239801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22398.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0283
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0289) - MS14-010
Severity: High
Fixlet ID: 2241301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22413.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0289
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0267 and CVE-2014-0290.

***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0281) - MS14-010
Severity: High
Fixlet ID: 2244301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22443.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0281
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0287.

***************************************************************
Title: Microsoft graphics component memory corruption vulnerability (CVE-2014-0263) - MS14-007
Severity: High
Fixlet ID: 2245601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22456.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0263
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Direct2D implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a large 2D geometric figure that is encountered with Internet Explorer, aka "Microsoft Graphics Component Memory Corruption Vulnerability."

***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0287) - MS14-010
Severity: High
Fixlet ID: 2246401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22464.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0287
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0281.

***************************************************************
Title: Internet Explorer Elevation of Privilege Vulnerability (CVE-2014-0268) - MS14-010
Severity: Medium
Fixlet ID: 2246501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22465.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0268
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 8 through 11 does not properly restrict file installation and registry-key creation, which allows remote attackers to bypass the Mandatory Integrity Control protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."

***************************************************************
Title: Type Traversal Vulnerability (CVE-2014-0257) - MS14-009
Severity: High
Fixlet ID: 2247201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22472.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0257
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka "Type Traversal Vulnerability."

***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0288) - MS14-010
Severity: High
Fixlet ID: 2248101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22481.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0288
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0270, CVE-2014-0273, and CVE-2014-0274.

***************************************************************
Title: RCE Vulnerability (CVE-2014-0294) - MS14-008
Severity: High
Fixlet ID: 2250201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22502.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0294
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Forefront Protection 2010 for Exchange Server does not properly parse e-mail content, which might allow remote attackers to execute arbitrary code via a crafted message, aka "RCE Vulnerability."

***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0284) - MS14-010
Severity: High
Fixlet ID: 2250901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22509.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0284
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0286) - MS14-010
Severity: High
Fixlet ID: 2251001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22510.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0286
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0275 and CVE-2014-0285.

***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0278) - MS14-010
Severity: High
Fixlet ID: 2251601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22516.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0278
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0277 and CVE-2014-0279.

***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0267) - MS14-010
Severity: High
Fixlet ID: 2254601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22546.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0267
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0289 and CVE-2014-0290.

***************************************************************
Title: Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0285) - MS14-010
Severity: High
Fixlet ID: 2255901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22559.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0285
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0275 and CVE-2014-0286.


