[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Wed Sep 17 05:20:53 PDT 2014


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 400	Published: Tue, 16 Sep 2014 22:05:29  GMT

New Fixlets:
============

***************************************************************
Title: NULL pointer dereference vulnerability in Wireshark via crafted packet
Severity: Medium
Fixlet ID: 2553401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25534.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4377
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap.

***************************************************************
Title: Integer overflow in libsndfile 1.0.18, as used in Winamp and other products
Severity: High
Fixlet ID: 2553701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25537.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0186
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.

***************************************************************
Title: Multiple unspecified vulnerabilities in Adobe Photoshop before 12.0.4
Severity: High
Fixlet ID: 2556401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25564.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2164
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple unspecified vulnerabilities in Adobe Photoshop before 12.0.4 have unknown impact and attack vectors.

***************************************************************
Title: Arbitrary code execution via unknown vectors.
Severity: High
Fixlet ID: 2563301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25633.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1346
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.

***************************************************************
Title: Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1
Severity: High
Fixlet ID: 2583501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25835.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2052
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a long Collada asset element in a DAE file, as demonstrated by the cameraYFov value in the contributor comments element.

***************************************************************
Title: Denial of service vulnerability in the libpcap file parser in Wireshark
Severity: High
Fixlet ID: 2588701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25887.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4174
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted packet-trace file that includes a large packet.

***************************************************************
Title: Unspecified vulnerability in Wireshark via crafted PCNFSD packets
Severity: Medium
Fixlet ID: 2594501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25945.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1829
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets.

***************************************************************
Title: Denial of service vulnerability in ASN.1 BER dissector in Wireshark
Severity: Medium
Fixlet ID: 2599601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25996.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3556
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

***************************************************************
Title: Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418
Severity: High
Fixlet ID: 2603101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26031.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4694
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name.  NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk.

***************************************************************
Title: Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2
Severity: High
Fixlet ID: 2606101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26061.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1296
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file.

***************************************************************
Title: Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51
Severity: High
Fixlet ID: 2611001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26110.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0065
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51 allow remote attackers to execute arbitrary code via a long (1) artist or (2) name tag in Ultravox streaming metadata, related to construction of stream titles.

***************************************************************
Title: Denial of service vulnerability in Wireshark via crafted NCP packet
Severity: Medium
Fixlet ID: 2617101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26171.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3932
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop.

***************************************************************
Title: Use-after-free vulnerability in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1
Severity: High
Fixlet ID: 2617801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26178.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2027
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a crafted TIFF (aka .TIF) file.

***************************************************************
Title: Use-after-free vulnerability in dissect_q931_cause_ie function in Wireshark
Severity: Medium
Fixlet ID: 2619401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26194.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4685
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception.

***************************************************************
Title: A case-sensitive comparison when checking for dangerous extensions
Severity: High
Fixlet ID: 2620101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26201.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2545
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case.

***************************************************************
Title: Denial of service (memory corruption) by leveraging access to a Low integrity process.
Severity: Medium
Fixlet ID: 2620801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26208.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1545
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.

***************************************************************
Title: Heap-based buffer overflow in IN_MOD.DLL in Winamp before 5.57
Severity: High
Fixlet ID: 2623001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26230.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3996
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file.

***************************************************************
Title: Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x before 11.0.1
Severity: High
Fixlet ID: 2624901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26249.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1279
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x before 11.0.1 allow user-assisted remote attackers to execute arbitrary code via a crafted TIFF file.

***************************************************************
Title: Buffer overflow in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1
Severity: High
Fixlet ID: 2627101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26271.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2028
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via unspecified vectors.

***************************************************************
Title: Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19 in Winamp 5.552
Severity: High
Fixlet ID: 2628101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26281.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1791
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.

***************************************************************
Title: Allows remote attackers to obtain sensitive information intended for a specific host via a crafted HTML document
Severity: Medium
Fixlet ID: 2630801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26308.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1450
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host via a crafted HTML document that triggers many HTTPS requests and then triggers an HTTP request to that host, as demonstrated by reading a Cookie header, aka MSRC 12096gd.

***************************************************************
Title: Allows remote attackers to spoof web sites via a crafted HTML document
Severity: Medium
Fixlet ID: 2631701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26317.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1451
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450.

***************************************************************
Title: Denial of service vulnerability in Wireshark via fragmented packets
Severity: Medium
Fixlet ID: 2634901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26349.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3145
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read.

***************************************************************
Title: Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1
Severity: High
Fixlet ID: 2636101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26361.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4170
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted file.

***************************************************************
Title: Unspecified vulnerability allows remote attackers to bypass Protected Mode
Severity: High
Fixlet ID: 2637801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26378.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1347
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.

***************************************************************
Title: Unspecified vulnerability in Wireshark via RMI dissector
Severity: Medium
Fixlet ID: 2638401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26384.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3141
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors.

***************************************************************
Title: Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19 in Winamp 5.552
Severity: High
Fixlet ID: 2638501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26385.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1788
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.

***************************************************************
Title: Heap-based buffer overflow vulnerability in Wireshark before 1.2
Severity: High
Fixlet ID: 2639301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26393.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0024
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted capture file.

***************************************************************
Title: Denial of service vulnerability in Wireshark via ICMP or ICMPv6 echo request packet
Severity: Low
Fixlet ID: 2641301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26413.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2394
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet.

***************************************************************
Title: Unspecified vulnerability in the Extras Manager in Skype
Severity: High
Fixlet ID: 2642701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26427.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4741
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Skype before 4.1.0.179 on Windows has unknown impact and attack vectors.

***************************************************************
Title: The skype_tool.copy_num method in the Skype extension
Severity: Medium
Fixlet ID: 2643001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26430.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5697
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 for Firefox allows remote attackers to write arbitrary data to the clipboard via a string argument.

***************************************************************
Title: Multiple heap-based buffer overflows in IN_MOD.DLL in Winamp before 5.57
Severity: High
Fixlet ID: 2643201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26432.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3995
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file.  NOTE: some of these details are obtained from third party information.

***************************************************************
Title: Multiple buffer overflow vulnerabilities in packet_ncp2222.inc in Wireshark via a crafted NCP packet
Severity: High
Fixlet ID: 2643801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26438.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3146
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used.

***************************************************************
Title: Memory corruption vulnerability in MP4 demuxer (mp4.c) for VLC media player via a malformed MP4 file
Severity: High
Fixlet ID: 2643901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26439.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0984
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.

***************************************************************
Title: Adobe Photoshop allows remote attackers to execute arbitrary code or cause a denial of service
Severity: High
Fixlet ID: 2644101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26441.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2131
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Adobe Photoshop 12.0 in Creative Suite 5 (CS5) and 12.1 in Creative Suite 5.1 (CS5.1) allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GIF file.

***************************************************************
Title: Allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site
Severity: High
Fixlet ID: 2645601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26456.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0325
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that triggers improper processing of CElement objects, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1751 and CVE-2014-1755.  NOTE: MS14-018 originally had a typo of CVE-2014-0235 for this.

***************************************************************
Title: Denial of service vulnerability in VideoLAN VLC Media Player via a crafted playlist file
Severity: Medium
Fixlet ID: 2647101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26471.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7340
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file.

***************************************************************
Title: Allows remote attackers to inject a request into a session by sending this request during completion of the login form
Severity: Medium
Fixlet ID: 2647301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26473.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2067
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.

***************************************************************
Title: Allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors
Severity: High
Fixlet ID: 2649001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26490.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2557
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.

***************************************************************
Title: Denial of service and possibly execute arbitrary code via a space or tab character at the beginning of an RTSP message
Severity: High
Fixlet ID: 2650001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26500.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6933
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.

***************************************************************
Title: Cross-zone scripting vulnerability
Severity: Medium
Fixlet ID: 2650601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26506.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0582
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler.

***************************************************************
Title: Allows remote attackers to cause a denial of service by streaming data.
Severity: Medium
Fixlet ID: 2650701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26507.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3544
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.

***************************************************************
Title: Cross-zone scripting vulnerability in the Internet Explorer web control
Severity: High
Fixlet ID: 2651001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26510.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0454
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS."

***************************************************************
Title: Allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site
Severity: High
Fixlet ID: 2651501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26515.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2782
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.

***************************************************************
Title: Incomplete blacklist vulnerability
Severity: High
Fixlet ID: 2651701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26517.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1805
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist.

***************************************************************
Title: Denial of service vulnerability in Wireshark via long SMTP request
Severity: Medium
Fixlet ID: 2652501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26525.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5285
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop.

***************************************************************
Title: Allows context-dependent attackers to obtain sensitive request information
Severity: Low
Fixlet ID: 2652701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26527.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2071
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.

***************************************************************
Title: Cross-zone scripting vulnerability
Severity: Medium
Fixlet ID: 2652801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26528.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0583
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) "Add video to chat" or (2) "Add video to mood" dialog, a different vector than CVE-2008-0454.

***************************************************************
Title: Heap-based buffer overflow in KMPlayer 3.0.0.1441
Severity: High
Fixlet ID: 2653201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26532.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2594
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other versions, allows remote attackers to execute arbitrary code via a playlist (.KPL) file with a long Title field.

***************************************************************
Title: Heap-based buffer overflow in Photoshop.exe in Adobe Photoshop CS5 12.x before 12.0.5, CS5.1 12.1.x before 12.1.1, and CS6 13.x before 13.0.1
Severity: High
Fixlet ID: 2655401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26554.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0275
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in Photoshop.exe in Adobe Photoshop CS5 12.x before 12.0.5, CS5.1 12.1.x before 12.1.1, and CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted TIFF image with SGI24LogLum compression.

***************************************************************
Title: Untrusted search path vulnerability in KMPlayer 3.2.0.19
Severity: High
Fixlet ID: 2655901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26559.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3841
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ehtrace.dll that is located in the current working directory.


