[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Wed Nov 26 05:21:35 PST 2014


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 417    Published: Tue, 25 Nov 2014 19:33:26 GMT

New Fixlets:
============

***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2014-4143 (MS14-065)
Severity: High
Fixlet ID: 2735601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval27356.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4143
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6341.

***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2014-6337 (MS14-065)
Severity: High
Fixlet ID: 2737201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval27372.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6337
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2014-6348 (MS14-065)
Severity: High
Fixlet ID: 2748901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval27489.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6348
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6342.

***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2014-6351 (MS14-065)
Severity: High
Fixlet ID: 2760101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval27601.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6351
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

***************************************************************
Title: Internet Explorer ASLR bypass vulnerability - CVE-2014-6339 (MS14-065)
Severity: Medium
Fixlet ID: 2767601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval27676.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6339
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 8 and 9 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."

***************************************************************
Title: Internet Explorer elevation of privilege vulnerability - CVE-2014-6350 (MS14-065)
Severity: Medium
Fixlet ID: 2789701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval27897.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6350
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-6349.

***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2014-6344 (MS14-065)
Severity: High
Fixlet ID: 2801701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28017.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6344
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

***************************************************************
Title: Active Directory Federation Services information disclosure vulnerability - CVE-2014-6331 (MS14-077)
Severity: Medium
Fixlet ID: 2817301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28173.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6331
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability."

***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2014-6341 (MS14-065)
Severity: High
Fixlet ID: 2817701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28177.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6341
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4143.

***************************************************************
Title: Kerberos checksum vulnerability - CVE-2014-6324 (MS14-068)
Severity: High
Fixlet ID: 2819101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28191.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6324
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability."

***************************************************************
Title: Internet Explorer cross-domain information disclosure vulnerability - CVE-2014-6345 (MS14-065)
Severity: Medium
Fixlet ID: 2820401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28204.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6345
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 9 and 10 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."

***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2014-6353 (MS14-065)
Severity: High
Fixlet ID: 2820501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28205.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6353
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2014-6347 (MS14-065)
Severity: High
Fixlet ID: 2823401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28234.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6347
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

***************************************************************
Title: Internet Explorer elevation of privilege vulnerability - CVE-2014-6349 (MS14-065)
Severity: Medium
Fixlet ID: 2826601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28266.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6349
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-6350.

***************************************************************
Title: Internet Explorer cross-domain information disclosure vulnerability - CVE-2014-6346 (MS14-065)
Severity: Medium
Fixlet ID: 2829001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28290.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6346
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."

***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2014-6342 (MS14-065)
Severity: High
Fixlet ID: 2830601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28306.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6342
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6348.

***************************************************************
Title: Internet Explorer Clipboard Information Disclosure Vulnerability - CVE-2014-6323 (MS14-065)
Severity: Medium
Fixlet ID: 2833401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28334.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6323
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to obtain sensitive clipboard information via a crafted web site, aka "Internet Explorer Clipboard Information Disclosure Vulnerability."

***************************************************************
Title: Internet Explorer cross-domain information disclosure vulnerability - CVE-2014-6340 (MS14-065)
Severity: Medium
Fixlet ID: 2833901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28339.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6340
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."

***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2014-6343 (MS14-065)
Severity: High
Fixlet ID: 2835801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28358.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6343
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."


