From winvulns-announcements at bigmail.bigfix.com Fri Nov 21 05:21:40 2014
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Fri, 21 Nov 2014 05:21:40 -0800
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 416
Published: Thu, 20 Nov 2014 19:30:28 GMT

New Fixlets:
============

***************************************************************
Title: Microsoft Office bad index remote code execution vulnerability - CVE-2014-6334 (MS14-069)
Severity: High
Fixlet ID: 2745101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval27451.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6334
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Bad Index Remote Code Execution Vulnerability."

***************************************************************
Title: TCP/IP Elevation of privilege vulnerability - CVE-2014-4076 (MS14-070)
Severity: High
Fixlet ID: 2762001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval27620.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4076
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability."
***************************************************************
Title: Denial of service in Windows Kernel Mode Driver vulnerability - CVE-2014-6317 (MS14-079)
Severity: High
Fixlet ID: 2776801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval27768.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6317
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font, aka "Denial of Service in Windows Kernel Mode Driver Vulnerability."

***************************************************************
Title: Microsoft schannel remote code execution vulnerability - CVE-2014-6321 (MS14-066)
Severity: High
Fixlet ID: 2779401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval27794.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6321
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka "Microsoft Schannel Remote Code Execution Vulnerability."
***************************************************************
Title: SharePoint elevation of privilege vulnerability - CVE-2014-4116 (MS14-073)
Severity: Medium
Fixlet ID: 2782401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval27824.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4116
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka "SharePoint Elevation of Privilege Vulnerability."

***************************************************************
Title: IIS Security feature bypass vulnerability - CVE-2014-4078 (MS14-076)
Severity: Medium
Fixlet ID: 2790901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval27909.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4078
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the "IP Address and Domain Restrictions" list, which makes it easier for remote attackers to bypass an intended rule set via an HTTP request, aka "IIS Security Feature Bypass Vulnerability."
***************************************************************
Title: Windows OLE remote code execution vulnerability - CVE-2014-6352 (MS14-064)
Severity: High
Fixlet ID: 2792301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval27923.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6352
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.

***************************************************************
Title: Microsoft IME (Japanese) elevation of privilege vulnerability - CVE-2014-4077 (MS14-078)
Severity: High
Fixlet ID: 2798401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval27984.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4077
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka "Microsoft IME (Japanese) Elevation of Privilege Vulnerability," as exploited in the wild in 2014.
***************************************************************
Title: Windows OLE automation array remote code execution vulnerability - CVE-2014-6332 (MS14-064)
Severity: High
Fixlet ID: 2804601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28046.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6332
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows OLE Automation Array Remote Code Execution Vulnerability."

***************************************************************
Title: TypeFilterLevel vulnerability - CVE-2014-4149 (MS14-072)
Severity: High
Fixlet ID: 2805601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28056.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4149
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint, aka "TypeFilterLevel Vulnerability."
***************************************************************
Title: MSXML Remote Code Execution Vulnerability - CVE-2014-4118 (MS14-067)
Severity: High
Fixlet ID: 2808001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28080.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4118
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (system-state corruption) via crafted XML content, aka "MSXML Remote Code Execution Vulnerability."

***************************************************************
Title: Microsoft Office invalid pointer remote code execution vulnerability - CVE-2014-6335 (MS14-069)
Severity: High
Fixlet ID: 2821201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28212.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6335
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Invalid Pointer Remote Code Execution Vulnerability."
***************************************************************
Title: Microsoft Office double delete remote code execution vulnerability - CVE-2014-6333 (MS14-069)
Severity: High
Fixlet ID: 2822901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28229.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6333
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Double Delete Remote Code Execution Vulnerability."

***************************************************************
Title: Remote Desktop Protocol (RDP) failure to audit vulnerability - CVE-2014-6318 (MS14-074)
Severity: Medium
Fixlet ID: 2827001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28270.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6318
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly log unauthorized login attempts supplying valid credentials, which makes it easier for remote attackers to bypass intended access restrictions via a series of attempts, aka "Remote Desktop Protocol (RDP) Failure to Audit Vulnerability."
***************************************************************
Title: Windows audio service vulnerability - CVE-2014-6322 (MS14-071)
Severity: Medium
Fixlet ID: 2828301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28283.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6322
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Windows Audio service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted web site, as demonstrated by execution of web script in Internet Explorer, aka "Windows Audio Service Vulnerability."

From winvulns-announcements at bigmail.bigfix.com Fri Nov 21 05:33:23 2014
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Fri, 21 Nov 2014 07:33:23 -0600
Subject: [Winvulns-announcements] AUTO: Kevin Ryan is out of office. (returning 11/24/2014)
Message-ID:

I am out of the office until 11/24/2014.

I am currently out of the office and will return on Monday November 24th.

Note: This is an automated response to your message "[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'" sent on 11/21/2014 7:21:40 AM.

This is the only notification you will receive while this person is away.

**********************************************************************
This e-mail message and all attachments transmitted with it may contain legally privileged and/or confidential information intended solely for the use of the addressee(s). If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, forwarding or other use of this message or its attachments is strictly prohibited.
If you have received this message in error, please notify the sender immediately and delete this message and all copies and backups thereof. Thank you.

From winvulns-announcements at bigmail.bigfix.com Wed Nov 26 05:21:35 2014
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Wed, 26 Nov 2014 05:21:35 -0800
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 417
Published: Tue, 25 Nov 2014 19:33:26 GMT

New Fixlets:
============

***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2014-4143 (MS14-065)
Severity: High
Fixlet ID: 2735601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval27356.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4143
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6341.

***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2014-6337 (MS14-065)
Severity: High
Fixlet ID: 2737201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval27372.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6337
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2014-6348 (MS14-065)
Severity: High
Fixlet ID: 2748901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval27489.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6348
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6342.

***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2014-6351 (MS14-065)
Severity: High
Fixlet ID: 2760101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval27601.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6351
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

***************************************************************
Title: Internet Explorer ASLR bypass vulnerability - CVE-2014-6339 (MS14-065)
Severity: Medium
Fixlet ID: 2767601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval27676.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6339
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 8 and 9 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."
***************************************************************
Title: Internet Explorer elevation of privilege vulnerability - CVE-2014-6350 (MS14-065)
Severity: Medium
Fixlet ID: 2789701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval27897.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6350
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-6349.

***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2014-6344 (MS14-065)
Severity: High
Fixlet ID: 2801701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28017.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6344
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Active Directory Federation Services information disclosure vulnerability - CVE-2014-6331 (MS14-077)
Severity: Medium
Fixlet ID: 2817301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28173.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6331
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability."

***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2014-6341 (MS14-065)
Severity: High
Fixlet ID: 2817701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28177.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6341
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4143.
***************************************************************
Title: Kerberos checksum vulnerability - CVE-2014-6324 (MS14-068)
Severity: High
Fixlet ID: 2819101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28191.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6324
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability."

***************************************************************
Title: Internet Explorer cross-domain information disclosure vulnerability - CVE-2014-6345 (MS14-065)
Severity: Medium
Fixlet ID: 2820401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28204.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6345
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 9 and 10 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2014-6353 (MS14-065)
Severity: High
Fixlet ID: 2820501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28205.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6353
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2014-6347 (MS14-065)
Severity: High
Fixlet ID: 2823401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28234.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6347
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

***************************************************************
Title: Internet Explorer elevation of privilege vulnerability - CVE-2014-6349 (MS14-065)
Severity: Medium
Fixlet ID: 2826601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28266.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6349
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-6350.
***************************************************************
Title: Internet Explorer cross-domain information disclosure vulnerability - CVE-2014-6346 (MS14-065)
Severity: Medium
Fixlet ID: 2829001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28290.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6346
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."

***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2014-6342 (MS14-065)
Severity: High
Fixlet ID: 2830601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28306.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6342
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6348.

***************************************************************
Title: Internet Explorer Clipboard Information Disclosure Vulnerability - CVE-2014-6323 (MS14-065)
Severity: Medium
Fixlet ID: 2833401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28334.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6323
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to obtain sensitive clipboard information via a crafted web site, aka "Internet Explorer Clipboard Information Disclosure Vulnerability."
***************************************************************
Title: Internet Explorer cross-domain information disclosure vulnerability. - CVE-2014-6340 (MS14-065)
Severity: Medium
Fixlet ID: 2833901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28339.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6340
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."

***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2014-6343 (MS14-065)
Severity: High
Fixlet ID: 2835801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28358.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6343
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

From winvulns-announcements at bigmail.bigfix.com Wed Nov 26 05:31:24 2014
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Wed, 26 Nov 2014 07:31:24 -0600
Subject: [Winvulns-announcements] AUTO: Kevin Ryan is out of office. (returning 12/01/2014)
Message-ID:

I am out of the office until 12/01/2014.

I am currently out of the office and will respond to your message when I return.

Note: This is an automated response to your message "[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'" sent on 11/26/2014 7:21:35 AM.
This is the only notification you will receive while this person is away.