[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Tue Mar 18 05:20:16 PDT 2014
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 353 Published: Tue, 18 Mar 2014 02:12:56 GMT
New Fixlets:
============
***************************************************************
Title: Vulnerability in IrfanView before 4.37 in Heap-based buffer overflow
Severity: High
Fixlet ID: 2205101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22051.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5351
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap-based buffer overflow in IrfanView before 4.37 allows remote attackers to execute arbitrary code via the LZW code stream in a GIF file.
***************************************************************
Title: Vulnerability in IrfanView before 4.32 in Heap-based buffer overflow
Severity: Medium
Fixlet ID: 2206801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22068.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5233
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap-based buffer overflow in IrfanView before 4.32 allows remote attackers to execute arbitrary code via crafted "Rows Per Strip" and "Samples Per Pixel" values in a TIFF image file.
***************************************************************
Title: Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message contain
Severity: Medium
Fixlet ID: 2212201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22122.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6674
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.
***************************************************************
Title: Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK and Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code
Severity: High
Fixlet ID: 2220101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22201.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0502
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.
***************************************************************
Title: Vulnerability in IrfanView before 4.33 in Heap-based buffer overflow
Severity: Medium
Fixlet ID: 2227901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22279.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5904
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap-based buffer overflow in IrfanView before 4.33 allows remote attackers to execute arbitrary code via a crafted RLE compressed bitmap file such as a DIB, RLE, or BMP image.
***************************************************************
Title: Vulnerability in IrfanView 4.34 in Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) plugin
Severity: High
Fixlet ID: 2248201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22482.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3585
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) plugin in the formats plugins in IrfanView PlugIns before 4.34 allows remote attackers to execute arbitrary code via a crafted JLS file.
***************************************************************
Title: Vulnerability in IrfanView before 4.23 in integer overflow
Severity: High
Fixlet ID: 2251101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22511.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0197
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Integer overflow in the FORMATS Plugin before 4.23 for IrfanView allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large XPM file that triggers a heap-based buffer overflow.
***************************************************************
Title: Vulnerability in IrfanView 4.23 in integer overflow
Severity: Medium
Fixlet ID: 2259701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22597.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2118
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Integer overflow in IrfanView 4.23, when the resampling or screen fitting option is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF 1 BPP image, which triggers a heap-based buffer overflow.
***************************************************************
Title: Vulnerability in IrfanView before 4.37 in buffer overflow
Severity: High
Fixlet ID: 2261101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22611.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6932
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly handled by the Thumbnail tooltips feature in the Thumbnails window.
***************************************************************
Title: Vulnerability in IrfanView before 4.33 in stack-based buffer overflow in the JPEG2000 plugin
Severity: Medium
Fixlet ID: 2261301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22613.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0897
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.
More information about the WinVulns-Announcements
mailing list