From winvulns-announcements at bigmail.bigfix.com Wed Sep 10 05:20:41 2014
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Wed, 10 Sep 2014 05:20:41 -0700
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 398
Published: Tue, 09 Sep 2014 18:19:40 GMT

New Fixlets:
============
***************************************************************
Title: Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143
Severity: High
Fixlet ID: 2551001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25510.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3165
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an unexpectedly long lifetime of a temporary object during method completion.
***************************************************************
Title: Use-after-free vulnerability in Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows allows attackers to execute arbitrary code
Severity: High
Fixlet ID: 2585601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25856.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0546
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via unspecified vectors.
***************************************************************
Title: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows allow attackers to bypass intended access restrictions via unspecified vectors
Severity: High
Fixlet ID: 2585701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25857.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0541
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 allow attackers to bypass intended access restrictions via unspecified vectors.
***************************************************************
Title: Vulnerability in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash)
Severity: Medium
Fixlet ID: 2595001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25950.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3510
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.
***************************************************************
Title: Vulnerability in OpenSSL 1.0.1 before 1.0.1i, allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact
Severity: High
Fixlet ID: 2596501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25965.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3512
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter.
***************************************************************
Title: Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors
Severity: High
Fixlet ID: 2597001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25970.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3167
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
***************************************************************
Title: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows allow attackers to bypass intended access restrictions via unspecified vectors
Severity: High
Fixlet ID: 2599201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25992.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0541
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 allow attackers to bypass intended access restrictions via unspecified vectors.
***************************************************************
Title: Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context
Severity: High
Fixlet ID: 2613101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26131.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0546
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via unspecified vectors.
***************************************************************
Title: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows do not properly restrict discovery of memory addresses
Severity: High
Fixlet ID: 2613401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26134.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0545
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, and CVE-2014-0544.
***************************************************************
Title: Vulnerability in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported
Severity: Medium
Fixlet ID: 2614701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26147.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3509
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data.
***************************************************************
Title: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows do not properly restrict discovery of memory addresses
Severity: High
Fixlet ID: 2615401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26154.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0544
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, and CVE-2014-0545.
***************************************************************
Title: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows do not properly restrict discovery of memory addresses
Severity: High
Fixlet ID: 2616101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26161.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0542
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0543, CVE-2014-0544, and CVE-2014-0545.
***************************************************************
Title: Vulnerability in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, allows context-dependent attackers to obtain sensitive information from process stack memory
Severity: Medium
Fixlet ID: 2627401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26274.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3508
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.
***************************************************************
Title: Vulnerability in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, allows remote attackers to cause a denial of service (CVE-2014-3507)
Severity: Medium
Fixlet ID: 2629301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26293.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3507
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.
***************************************************************
Title: The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows does not correctly consider the properties of SPDY connections
Severity: Medium
Fixlet ID: 2631101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26311.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3166
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names.
***************************************************************
Title: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows do not properly restrict discovery of memory addresses
Severity: High
Fixlet ID: 2631601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26316.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0543
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0542, CVE-2014-0544, and CVE-2014-0545.
***************************************************************
Title: Vulnerability in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, allows remote attackers to cause a denial of service (CVE-2014-3506)
Severity: Medium
Fixlet ID: 2632401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26324.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3506
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.
***************************************************************
Title: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism
Severity: High
Fixlet ID: 2633701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26337.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0540
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, and CVE-2014-0545.
***************************************************************
Title: Vulnerability in OpenSSL 1.0.1 before 1.0.1i, allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "p
Severity: Medium
Fixlet ID: 2634201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26342.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3511
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue.
***************************************************************
Title: Vulnerability in OpenSSL 1.0.1 before 1.0.1i, allows remote SSL servers to cause a denial of service
Severity: Medium
Fixlet ID: 2636901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26369.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5139
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.
***************************************************************
Title: Service Control Manager Double Free Vulnerability (MS13-077)
Severity: Medium
Fixlet ID: 2638201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26382.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3862
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Double free vulnerability in Microsoft Windows 7 and Server 2008 R2 SP1 allows local users to gain privileges via a crafted service description that is not properly handled by services.exe in the Service Control Manager (SCM), aka "Service Control Manager Double Free Vulnerability."
***************************************************************
Title: Vulnerability in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition
Severity: Medium
Fixlet ID: 2649101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26491.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3505
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.

From winvulns-announcements at bigmail.bigfix.com Fri Sep 12 05:20:34 2014
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Fri, 12 Sep 2014 05:20:34 -0700
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 399
Published: Thu, 11 Sep 2014 18:21:03 GMT

New Fixlets:
============
***************************************************************
Title: Apache Subversion vulnerability 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate
Severity: Medium
Fixlet ID: 2580801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25808.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3522
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
***************************************************************
Title: Apache Subversion vulnerability Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials
Severity: Medium
Fixlet ID: 2636201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26362.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3528
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.

From winvulns-announcements at bigmail.bigfix.com Wed Sep 17 05:20:53 2014
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Wed, 17 Sep 2014 05:20:53 -0700
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 400
Published: Tue, 16 Sep 2014 22:05:29 GMT

New Fixlets:
============
***************************************************************
Title: NULL pointer dereference vulnerability in Wireshark via crafted packet
Severity: Medium
Fixlet ID: 2553401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25534.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4377
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap.
***************************************************************
Title: Integer overflow in libsndfile 1.0.18, as used in Winamp and other products
Severity: High
Fixlet ID: 2553701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25537.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0186
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.
***************************************************************
Title: Multiple unspecified vulnerabilities in Adobe Photoshop before 12.0.4
Severity: High
Fixlet ID: 2556401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25564.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2164
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Multiple unspecified vulnerabilities in Adobe Photoshop before 12.0.4 have unknown impact and attack vectors.
***************************************************************
Title: Arbitrary code executing via unknown vectors.
Severity: High
Fixlet ID: 2563301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25633.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1346
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
***************************************************************
Title: Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1
Severity: High
Fixlet ID: 2583501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25835.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2052
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a long Collada asset element in a DAE file, as demonstrated by the cameraYFov value in the contributor comments element.
***************************************************************
Title: Denial of service vulnerability in the libpcap file parser in Wireshark
Severity: High
Fixlet ID: 2588701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25887.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4174
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted packet-trace file that includes a large packet.
***************************************************************
Title: Unspecified vulnerability in Wireshark via crafted PCNFSD packets
Severity: Medium
Fixlet ID: 2594501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25945.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1829
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets.
***************************************************************
Title: Denial of service vulnerability in ASN.1 BER dissector in Wireshark
Severity: Medium
Fixlet ID: 2599601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25996.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3556
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
***************************************************************
Title: Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418
Severity: High
Fixlet ID: 2603101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26031.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4694
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk.
***************************************************************
Title: Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2
Severity: High
Fixlet ID: 2606101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26061.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1296
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file.
***************************************************************
Title: Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51
Severity: High
Fixlet ID: 2611001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26110.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0065
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51 allow remote attackers to execute arbitrary code via a long (1) artist or (2) name tag in Ultravox streaming metadata, related to construction of stream titles.
***************************************************************
Title: Denial of service vulnerability in Wireshark via crafted NCP packet
Severity: Medium
Fixlet ID: 2617101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26171.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3932
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop.
***************************************************************
Title: Use-after-free vulnerability in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1
Severity: High
Fixlet ID: 2617801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26178.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2027
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a crafted TIFF (aka .TIF) file.
***************************************************************
Title: Use-after-free vulnerability in dissect_q931_cause_ie function in Wireshark
Severity: Medium
Fixlet ID: 2619401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26194.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4685
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception.
***************************************************************
Title: A case-sensitive comparison when checking for dangerous extensions
Severity: High
Fixlet ID: 2620101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26201.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2545
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case.
***************************************************************
Title: Denial of service (memory corruption) by leveraging access to a Low integrity process.
Severity: Medium
Fixlet ID: 2620801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26208.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1545
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
***************************************************************
Title: Heap-based buffer overflow in IN_MOD.DLL in Winamp before 5.57
Severity: High
Fixlet ID: 2623001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26230.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3996
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file.
***************************************************************
Title: Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x before 11.0.1
Severity: High
Fixlet ID: 2624901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26249.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1279
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x before 11.0.1 allow user-assisted remote attackers to execute arbitrary code via a crafted TIFF file.
***************************************************************
Title: Buffer overflow in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1
Severity: High
Fixlet ID: 2627101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26271.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2028
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Buffer overflow in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via unspecified vectors.
***************************************************************
Title: Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19 in Winamp 5.552
Severity: High
Fixlet ID: 2628101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26281.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1791
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.
***************************************************************
Title: Allows remote attackers to obtain sensitive information intended for a specific host via a crafted HTML document
Severity: Medium
Fixlet ID: 2630801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26308.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1450
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host via a crafted HTML document that triggers many HTTPS requests and then triggers an HTTP request to that host, as demonstrated by reading a Cookie header, aka MSRC 12096gd.
***************************************************************
Title: Allows remote attackers to spoof web sites via a crafted HTML document
Severity: Medium
Fixlet ID: 2631701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26317.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1451
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450.
***************************************************************
Title: Denial of service vulnerability in Wireshark via fragmented packets
Severity: Medium
Fixlet ID: 2634901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26349.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3145
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read.
***************************************************************
Title: Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1
Severity: High
Fixlet ID: 2636101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26361.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4170
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted file.
***************************************************************
Title: Unspecified vulnerability allows remote attackers to bypass Protected Mode
Severity: High
Fixlet ID: 2637801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26378.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1347
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
***************************************************************
Title: Unspecified vulnerability in Wireshark via RMI dissector
Severity: Medium
Fixlet ID: 2638401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26384.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3141
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors.
***************************************************************
Title: Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19 in Winamp 5.552
Severity: High
Fixlet ID: 2638501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26385.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1788
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.
***************************************************************
Title: Heap based buffer overflow vulnerability in Wireshark before 1.2
Severity: High
Fixlet ID: 2639301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26393.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0024
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted capture file.
***************************************************************
Title: Denial of service vulnerability in Wireshark via ICMP or ICMPv6 echo request packet
Severity: Low
Fixlet ID: 2641301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26413.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2394
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet.
***************************************************************
Title: Unspecified vulnerability in the Extras Manager in Skype
Severity: High
Fixlet ID: 2642701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26427.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4741
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Skype before 4.1.0.179 on Windows has unknown impact and attack vectors.
***************************************************************
Title: The skype_tool.copy_num method in the Skype extension
Severity: Medium
Fixlet ID: 2643001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26430.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5697
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 for Firefox allows remote attackers to write arbitrary data to the clipboard via a string argument.
***************************************************************
Title: Multiple heap-based buffer overflows in IN_MOD.DLL in Winamp before 5.57
Severity: High
Fixlet ID: 2643201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26432.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3995
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.
***************************************************************
Title: Multiple buffer overflows vulnerabilities in packet_ncp2222.inc in Wireshark via a crafted NCP packet
Severity: High
Fixlet ID: 2643801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26438.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3146
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used.
***************************************************************
Title: Memory corruption vulnerability in MP4 demuxer (mp4.c) for VLC media player via a malformed MP4 file
Severity: High
Fixlet ID: 2643901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26439.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0984
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.
***************************************************************
Title: Adobe Photoshop allows remote attackers to execute arbitrary code or cause a denial of service
Severity: High
Fixlet ID: 2644101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26441.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2131
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Photoshop 12.0 in Creative Suite 5 (CS5) and 12.1 in Creative Suite 5.1 (CS5.1) allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GIF file.
***************************************************************
Title: Allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site
Severity: High
Fixlet ID: 2645601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26456.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0325
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that triggers improper processing of CElement objects, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1751 and CVE-2014-1755. NOTE: MS14-018 originally had a typo of CVE-2014-0235 for this.
***************************************************************
Title: Denial of service vulnerability in VideoLAN VLC Media Player via a crafted playlist file
Severity: Medium
Fixlet ID: 2647101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26471.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7340
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file.
***************************************************************
Title: Allows remote attackers to inject a request into a session by sending this request during completion of the login form
Severity: Medium
Fixlet ID: 2647301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26473.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2067
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
***************************************************************
Title: Allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors
Severity: High
Fixlet ID: 2649001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26490.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2557
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
***************************************************************
Title: Denial of service and possibly execute arbitrary code via a space or tab character at the beginning of an RTSP message
Severity: High
Fixlet ID: 2650001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26500.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6933
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.
***************************************************************
Title: Cross-zone scripting vulnerability
Severity: Medium
Fixlet ID: 2650601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26506.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0582
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler.
***************************************************************
Title: Allows remote attackers to cause a denial of service by streaming data.
Severity: Medium
Fixlet ID: 2650701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26507.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3544
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
***************************************************************
Title: Cross-zone scripting vulnerability in the Internet Explorer web control
Severity: High
Fixlet ID: 2651001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26510.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0454
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS."
***************************************************************
Title: Allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site
Severity: High
Fixlet ID: 2651501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26515.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2782
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.
***************************************************************
Title: Incomplete blacklist vulnerability
Severity: High
Fixlet ID: 2651701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26517.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1805
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist.
***************************************************************
Title: Denial of service vulnerability in Wireshark via long SMTP request
Severity: Medium
Fixlet ID: 2652501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26525.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5285
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop.
***************************************************************
Title: Allows context-dependent attackers to obtain sensitive request information
Severity: Low
Fixlet ID: 2652701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26527.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2071
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
***************************************************************
Title: Cross-zone scripting vulnerability
Severity: Medium
Fixlet ID: 2652801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26528.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0583
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) "Add video to chat" or (2) "Add video to mood" dialog, a different vector than CVE-2008-0454.
***************************************************************
Title: Heap-based buffer overflow in KMPlayer 3.0.0.1441
Severity: High
Fixlet ID: 2653201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26532.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2594
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other versions, allows remote attackers to execute arbitrary code via a playlist (.KPL) file with a long Title field.
***************************************************************
Title: Heap-based buffer overflow in Photoshop.exe in Adobe Photoshop CS5 12.x before 12.0.5, CS5.1 12.1.x before 12.1.1, and CS6 13.x before 13.0.1
Severity: High
Fixlet ID: 2655401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26554.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0275
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap-based buffer overflow in Photoshop.exe in Adobe Photoshop CS5 12.x before 12.0.5, CS5.1 12.1.x before 12.1.1, and CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted TIFF image with SGI24LogLum compression.
***************************************************************
Title: Untrusted search path vulnerability in KMPlayer 3.2.0.19
Severity: High
Fixlet ID: 2655901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26559.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3841
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ehtrace.dll that is located in the current working directory.
From winvulns-announcements at bigmail.bigfix.com Fri Sep 19 05:20:34 2014
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Fri, 19 Sep 2014 05:20:34 -0700
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 401
Published: Thu, 18 Sep 2014 23:32:46 GMT

New Fixlets:
============
***************************************************************
Title: The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation
Severity: Medium
Fixlet ID: 2573501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25735.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3172
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL.
***************************************************************
Title: Internet explorer memory corruption vulnerability - CVE-2014-4084 (MS14-052)
Severity: High
Fixlet ID: 2600901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26009.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4084
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4093.
***************************************************************
Title: The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer
Severity: Medium
Fixlet ID: 2603301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26033.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3173
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via a crafted CANVAS element, related to gpu/command_buffer/service/framebuffer_manager.cc and gpu/command_buffer/service/gles2_cmd_decoder.cc.
***************************************************************
Title: Internet explorer memory corruption vulnerability - CVE-2014-4085 (MS14-052)
Severity: High
Fixlet ID: 2604001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26040.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4085
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.
***************************************************************
Title: Internet explorer memory corruption vulnerability - CVE-2014-4094 (MS14-052)
Severity: High
Fixlet ID: 2608401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26084.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4094
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.
***************************************************************
Title: Denial of service vulnerability in Wireshark via crafted zlib-compressed data
Severity: Low
Fixlet ID: 2610501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26105.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3933
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function.
***************************************************************
Title: Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8
Severity: High
Fixlet ID: 2611401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26114.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3177
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3176.
***************************************************************
Title: Internet explorer memory corruption vulnerability - CVE-2014-4091 (MS14-052)
Severity: High
Fixlet ID: 2613001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26130.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4091
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4080, CVE-2014-4089, and CVE-2014-4102.
***************************************************************
Title: Lync XSS information disclosure vulnerability (CVE-2014-4070) - MS14-055
Severity: Medium
Fixlet ID: 2615001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26150.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4070
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync XSS Information Disclosure Vulnerability."
***************************************************************
Title: Internet explorer memory corruption vulnerability - CVE-2014-4110 (MS14-052)
Severity: High
Fixlet ID: 2631301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26313.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4110
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, and CVE-2014-4111.
***************************************************************
Title: Internet explorer memory corruption vulnerability - CVE-2014-4102 (MS14-052)
Severity: High
Fixlet ID: 2633401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26334.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4102
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4080, CVE-2014-4089, and CVE-2014-4091.
***************************************************************
Title: extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name
Severity: Medium
Fixlet ID: 2633901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26339.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3170
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character.
*************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4109 (MS14-052) Severity: High Fixlet ID: 2640501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26405.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4109 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4110, and CVE-2014-4111. *************************************************************** Title: Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94 Severity: High Fixlet ID: 2654301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26543.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3169 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging script execution that occurs before notification of node removal. 
*************************************************************** Title: Lync Denial of Service vulnerability (CVE-2014-4071) - MS14-055 Severity: Medium Fixlet ID: 2655001 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26550.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4071 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Server in Microsoft Lync Server 2013 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon hang) via a crafted request, aka "Lync Denial of Service Vulnerability." *************************************************************** Title: modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients Severity: Medium Fixlet ID: 2658501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26585.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3174 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attackers to cause a denial of service (read of uninitialized memory) via crafted API calls. 
*************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4080 (MS14-052) Severity: High Fixlet ID: 2659401 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26594.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4080 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4089, CVE-2014-4091, and CVE-2014-4102. *************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4086 (MS14-052) Severity: High Fixlet ID: 2661001 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26610.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4086 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." 
*************************************************************** Title: Internet Explorer resource information disclosure vulnerability - CVE-2013-7331 (MS14-052) Severity: Medium Fixlet ID: 2661101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26611.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7331 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014. *************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4079 (MS14-052) Severity: High Fixlet ID: 2661301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26613.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4079 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. 
*************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4083 (MS14-052) Severity: High Fixlet ID: 2662101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26621.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4083 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. *************************************************************** Title: Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors Severity: High Fixlet ID: 2663901 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26639.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3175 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors, related to the load_truetype_glyph function in truetype/ttgload.c in FreeType and other functions in other components. 
*************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4059 (MS14-052) Severity: High Fixlet ID: 2664501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26645.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4059 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. *************************************************************** Title: Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8 Severity: High Fixlet ID: 2664701 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26647.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3176 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177. 
*************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-2799 (MS14-052) Severity: High Fixlet ID: 2665101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26651.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2799 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. *************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4100 (MS14-052) Severity: High Fixlet ID: 2666301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26663.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4100 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. 
*************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4090 (MS14-052) Severity: High Fixlet ID: 2666901 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26669.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4090 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. *************************************************************** Title: Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94 Severity: High Fixlet ID: 2667201 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26672.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3168 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation. 
*************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4097 (MS14-052) Severity: High Fixlet ID: 2667401 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26674.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4097 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. *************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4098 (MS14-052) Severity: High Fixlet ID: 2667701 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26677.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4098 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4092. 
*************************************************************** Title: Lync Denial of Service vulnerability (CVE-2014-4068) - MS14-055 Severity: Medium Fixlet ID: 2668001 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26680.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4068 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka "Lync Denial of Service Vulnerability." *************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4106 (MS14-052) Severity: High Fixlet ID: 2668201 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26682.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4106 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. 
*************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4111 (MS14-052) Severity: High Fixlet ID: 2668301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26683.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4111 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, and CVE-2014-4110. *************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4087 (MS14-052) Severity: High Fixlet ID: 2668601 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26686.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4087 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4095, CVE-2014-4096, and CVE-2014-4101. 
*************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4089 (MS14-052) Severity: High Fixlet ID: 2669301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26693.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4089 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4080, CVE-2014-4091, and CVE-2014-4102. *************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4092 (MS14-052) Severity: High Fixlet ID: 2672601 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26726.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4092 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4098. 
*************************************************************** Title: Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94 Severity: High Fixlet ID: 2672701 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26727.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3171 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operations instead of HashMap set operations, related to bindings/core/v8/DOMWrapperMap.h and bindings/core/v8/SerializedScriptValue.cpp. *************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4101 (MS14-052) Severity: High Fixlet ID: 2678001 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26780.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4101 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4087, CVE-2014-4095, and CVE-2014-4096. 
*************************************************************** Title: Task Scheduler Vulnerability - CVE-2014-4074 (MS14-054) Severity: Medium Fixlet ID: 2678401 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26784.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4074 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Task Scheduler in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via an application that schedules a crafted task, aka "Task Scheduler Vulnerability." *************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4103 (MS14-052) Severity: High Fixlet ID: 2678501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26785.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4103 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. 
*************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4099 (MS14-052) Severity: High Fixlet ID: 2678801 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26788.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4099 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." *************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4107 (MS14-052) Severity: High Fixlet ID: 2679101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26791.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4107 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. 
*************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4105 (MS14-052) Severity: High Fixlet ID: 2679801 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26798.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4105 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. *************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4104 (MS14-052) Severity: High Fixlet ID: 2681101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26811.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4104 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. 
*************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4108 (MS14-052) Severity: High Fixlet ID: 2681501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26815.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4108 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. *************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4081 (MS14-052) Severity: High Fixlet ID: 2684601 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26846.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4081 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. 
*************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4095 (MS14-052) Severity: High Fixlet ID: 2684701 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26847.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4095 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4087, CVE-2014-4096, and CVE-2014-4101. *************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4065 (MS14-052) Severity: High Fixlet ID: 2684901 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26849.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4065 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. 
*************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4088 (MS14-052) Severity: High Fixlet ID: 2685501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26855.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4088 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. *************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4082 (MS14-052) Severity: High Fixlet ID: 2686201 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26862.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4082 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." 
*************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4096 (MS14-052) Severity: High Fixlet ID: 2686401 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26864.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4096 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4087, CVE-2014-4095, and CVE-2014-4101. *************************************************************** Title: Internet explorer memory corruption vulnerability - CVE-2014-4093 (MS14-052) Severity: High Fixlet ID: 2687901 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26879.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4093 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4084. 
From winvulns-announcements at bigmail.bigfix.com Wed Sep 24 05:21:28 2014 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Wed, 24 Sep 2014 05:21:28 -0700 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 402 Published: Tue, 23 Sep 2014 23:43:42 GMT New Fixlets: ============ *************************************************************** Title: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) Severity: High Fixlet ID: 2630101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26301.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0552 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, and CVE-2014-0555. 
*************************************************************** Title: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) (CVE-2014-0550) Severity: High Fixlet ID: 2631201 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26312.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0550 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0549, CVE-2014-0551, CVE-2014-0552, and CVE-2014-0555. 
*************************************************************** Title: Allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact Severity: High Fixlet ID: 2640101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26401.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0894 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size. *************************************************************** Title: Allows attackers to cause a denial of service or possibly have other impact Severity: High Fixlet ID: 2640301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26403.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1735 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 
*************************************************************** Title: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) (CVE-2014-0547) Severity: High Fixlet ID: 2643401 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26434.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0547 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, and CVE-2014-0555. *************************************************************** Title: Allows attackers to cause a denial of service or possibly have other impact Severity: High Fixlet ID: 2648601 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26486.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6668 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 
*************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allows attackers to execute arbitrary code via unspecified vectors Severity: High Fixlet ID: 2655101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26551.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0553 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors. *************************************************************** Title: Allows remote attackers to cause a denial of service or possibly have unknown other impact Severity: Medium Fixlet ID: 2656401 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26564.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2871 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. 
*************************************************************** Title: Multiple unspecified vulnerabilities allow attackers to bypass the sandbox protection mechanism after obtaining renderer access Severity: High Fixlet ID: 2658401 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26584.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6661 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.117 allow attackers to bypass the sandbox protection mechanism after obtaining renderer access, or have other impact, via unknown vectors. *************************************************************** Title: Allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact Severity: Medium Fixlet ID: 2659301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26593.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3102 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. 
*************************************************************** Title: Allow remote attackers to bypass intended CORS restrictions via an inappropriate header Severity: Medium Fixlet ID: 2660201 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26602.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6666 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing (CORS) simple headers before proceeding with a PPB_Flash.Navigate operation, which might allow remote attackers to bypass intended CORS restrictions via an inappropriate header. *************************************************************** Title: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to bypass intended access restrictions Severity: High Fixlet ID: 2660301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26603.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0555 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, and CVE-2014-0552.
*************************************************************** Title: Allows man-in-the-middle attackers to overwrite or delete arbitrary cookies Severity: Medium Fixlet ID: 2661201 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26612.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7294 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. *************************************************************** Title: Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allows attackers to execute arbitrary code Severity: High Fixlet ID: 2661601 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26616.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0559 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0556. 
*************************************************************** Title: Allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter Severity: Medium Fixlet ID: 2662601 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26626.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6166 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response. *************************************************************** Title: Allows attackers to cause a denial of service or possibly have other impact Severity: High Fixlet ID: 2665801 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26658.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1734 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 
*************************************************************** Title: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to bypass intended access restrictions Severity: High Fixlet ID: 2666801 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26668.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0554 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to bypass intended access restrictions via unspecified vectors. *************************************************************** Title: Allows remote attackers to cause a denial of service or possibly have unspecified other impact Severity: High Fixlet ID: 2667901 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26679.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3152 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value.
*************************************************************** Title: Allows remote attackers to enable microphone access and obtain speech-recognition text without indication Severity: Medium Fixlet ID: 2669101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26691.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3803 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute. *************************************************************** Title: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) (CVE-2014-0551) Severity: High Fixlet ID: 2670801 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26708.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0551 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0552, and CVE-2014-0555. 
*************************************************************** Title: Allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact Severity: High Fixlet ID: 2671301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26713.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6631 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in the Channel::SendRTCPPacket function in voice_engine/channel.cc in libjingle in WebRTC, as used in Google Chrome before 31.0.1650.48 and other products, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger the absence of certain statistics initialization, leading to the skipping of a required DeRegisterExternalTransport call. *************************************************************** Title: Allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly Severity: Medium Fixlet ID: 2673401 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26734.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2877 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. 
*************************************************************** Title: Allows remote attackers to cause a denial of service or possibly have unspecified other impact Severity: High Fixlet ID: 2673801 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26738.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1731 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. *************************************************************** Title: Allows man-in-the-middle attackers to spoof servers and read encrypted domain credentials via a crafted certificate Severity: High Fixlet ID: 2674601 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26746.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3876 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify server X.509 certificates, which allows man-in-the-middle attackers to spoof servers and read encrypted domain credentials via a crafted certificate.
*************************************************************** Title: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism Severity: High Fixlet ID: 2675801 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26758.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0557 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors. *************************************************************** Title: Allows attackers to cause a denial of service or possibly have other impact Severity: High Fixlet ID: 2676301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26763.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6667 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.146 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 
*************************************************************** Title: Allows remote attackers to cause a denial of service or possibly have unspecified other impact Severity: High Fixlet ID: 2676501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26765.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6663 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in the SVGImage::setContainerSize function in core/svg/graphics/SVGImage.cpp in the SVG implementation in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the resizing of a view. *************************************************************** Title: Allows remote attackers to bypass intended sandbox restrictions Severity: High Fixlet ID: 2676601 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26766.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1733 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access. 
*************************************************************** Title: Allows remote SSL servers to trigger use of a new certificate chain Severity: Medium Fixlet ID: 2677201 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26772.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6659 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The SSLClientSocketNSS::Core::OwnAuthCertHandler function in net/socket/ssl_client_socket_nss.cc in Google Chrome before 33.0.1750.117 does not prevent changes to server X.509 certificates during renegotiations, which allows remote SSL servers to trigger use of a new certificate chain, inconsistent with the user's expectations, by initiating a TLS renegotiation. *************************************************************** Title: Allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values Severity: High Fixlet ID: 2679001 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26790.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1730 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc. 
*************************************************************** Title: Allows attackers to cause a denial of service or possibly have other impact Severity: High Fixlet ID: 2679301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26793.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1749 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. *************************************************************** Title: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow remote attackers to bypass the Same Origin Policy (CVE-2014-0548) Severity: High Fixlet ID: 2680701 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26807.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0548 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow remote attackers to bypass the Same Origin Policy via unspecified vectors. 
*************************************************************** Title: Allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving FORM elements Severity: High Fixlet ID: 2681201 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26812.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6664 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving FORM elements, as demonstrated by use of the speech-recognition feature. *************************************************************** Title: Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allows attackers to bypass intended access restrictions Severity: High Fixlet ID: 2681301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26813.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0556 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0559.
*************************************************************** Title: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) (CVE-2014-0549) Severity: High Fixlet ID: 2681801 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26818.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0549 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, and CVE-2014-0555. *************************************************************** Title: Allows remote attackers to cause a denial of service or possibly execute arbitrary code Severity: Medium Fixlet ID: 2681901 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26819.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5134 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. 
*************************************************************** Title: Allows remote attackers to cause a denial of service or possibly have unspecified other impact Severity: High Fixlet ID: 2682601 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26826.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6665 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Heap-based buffer overflow in the ResourceProvider::InitializeSoftware function in cc/resources/resource_provider.cc in Google Chrome before 33.0.1750.146 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large texture size that triggers improper memory allocation in the software renderer. *************************************************************** Title: Allows remote attackers to cause a denial of service or possibly have unspecified other impact Severity: High Fixlet ID: 2683501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26835.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1732 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in browser/ui/views/speech_recognition_bubble_views.cc in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via an INPUT element that triggers the presence of a Speech Recognition Bubble window for an incorrect duration. 
*************************************************************** Title: Allows remote attackers to discover full pathnames via a crafted web site Severity: Medium Fixlet ID: 2683801 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26838.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6660 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The drag-and-drop implementation in Google Chrome before 33.0.1750.117 does not properly restrict the information in WebDropData data structures, which allows remote attackers to discover full pathnames via a crafted web site. *************************************************************** Title: Allows remote attackers to cause a denial of service (application crash) Severity: Medium Fixlet ID: 2685401 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26854.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2870 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c. 
*************************************************************** Title: Allows remote attackers to cause a denial of service (incorrect read operation) Severity: Medium Fixlet ID: 2686301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26863.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2825 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.