[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Wed Aug 5 05:20:56 PDT 2015
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 459 Published: Tue, 04 Aug 2015 20:31:12 GMT
New Fixlets:
============
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2401 (MS15-065)
Severity: High
Fixlet ID: 2852901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28529.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2401
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1767 and CVE-2015-2408.
***************************************************************
Title: Microsoft Office memory corruption vulnerability - CVE-2015-2415 (MS15-070)
Severity: High
Fixlet ID: 2854401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28544.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2415
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2384 (MS15-065)
Severity: High
Fixlet ID: 2861401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28614.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2384
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2383 and CVE-2015-2425.
***************************************************************
Title: Graphics component EOP vulnerability - CVE-2015-2364 (MS15-072)
Severity: High
Fixlet ID: 2870801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28708.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2364
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The graphics component in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application that leverages an incorrect bitmap conversion, aka "Graphics Component EOP Vulnerability."
***************************************************************
Title: Win32k information disclosure vulnerability - CVE-2015-2367 (MS15-073)
Severity: Low
Fixlet ID: 2874301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28743.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2367
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from uninitialized kernel memory via a crafted application, aka "Win32k Information Disclosure Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2390 (MS15-065)
Severity: High
Fixlet ID: 2880401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28804.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2390
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2397, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422.
***************************************************************
Title: Microsoft Office memory corruption vulnerability - CVE-2015-2377 (MS15-070)
Severity: High
Fixlet ID: 2880501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28805.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2377
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1733 (MS15-065)
Severity: High
Fixlet ID: 2881801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28818.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1733
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2389 and CVE-2015-2411.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2406 (MS15-065)
Severity: High
Fixlet ID: 2883401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28834.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2406
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, and CVE-2015-2422.
***************************************************************
Title: VBScript Memory corruption vulnerability - CVE-2015-2372 (MS15-065 and MS15-066)
Severity: High
Fixlet ID: 2893801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28938.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2372
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."
***************************************************************
Title: Elevation of privilege vulnerability in Netlogon - CVE-2015-2374 (MS15-071)
Severity: Low
Fixlet ID: 2896801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28968.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2374
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Netlogon service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly implement domain-controller communication, which allows remote attackers to discover credentials by leveraging certain PDC access and spoofing the BDC role in a PDC communication channel, aka "Elevation of Privilege Vulnerability in Netlogon."
***************************************************************
Title: OLE Elevation of privilege vulnerability - CVE-2015-2416 (MS15-075)
Severity: Medium
Fixlet ID: 2899001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28990.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2416
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via crafted input, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "OLE Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2417.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2403 (MS15-065)
Severity: High
Fixlet ID: 2901001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29010.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2403
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1767 (MS15-065)
Severity: High
Fixlet ID: 2901501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29015.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1767
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2401 and CVE-2015-2408.
***************************************************************
Title: Internet Explorer XSS filter bypass vulnerability - CVE-2015-2398 (MS15-065)
Severity: Medium
Fixlet ID: 2907501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29075.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2398
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2410 (MS15-065)
Severity: Medium
Fixlet ID: 2908701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29087.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2410
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to determine the existence of local files via a crafted stylesheet, aka "Internet Explorer Information Disclosure Vulnerability."
***************************************************************
Title: Win32k elevation of privilege vulnerability - CVE-2015-2366 (MS15-073)
Severity: High
Fixlet ID: 2912801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29128.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2366
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
***************************************************************
Title: Win32k information disclosure vulnerability - CVE-2015-2382 (MS15-073)
Severity: Low
Fixlet ID: 2913201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29132.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2382
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Win32k Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2381.
***************************************************************
Title: Microsoft Office memory corruption vulnerability - CVE-2015-2375 (MS15-070)
Severity: Medium
Fixlet ID: 2913901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29139.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2375
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to bypass the ASLR protection mechanism via a crafted spreadsheet, aka "Microsoft Excel ASLR Bypass Vulnerability."
***************************************************************
Title: DLL planting remote code execution vulnerability - CVE-2015-2369 (MS15-069)
Severity: Medium
Fixlet ID: 2914901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29149.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2369
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Untrusted search path vulnerability in Windows Media Device Manager in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rtf file, aka "DLL Planting Remote Code Execution Vulnerability."
***************************************************************
Title: Win32k elevation of privilege vulnerability - CVE-2015-2365 (MS15-073)
Severity: High
Fixlet ID: 2915601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29156.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2365
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2412 (MS15-065)
Severity: Medium
Fixlet ID: 2915901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29159.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2412
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to read arbitrary local files via a crafted pathname, aka "Internet Explorer Information Disclosure Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2383 (MS15-065)
Severity: High
Fixlet ID: 2916401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29164.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2383
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2384 and CVE-2015-2425.
***************************************************************
Title: OLE Elevation of privilege vulnerability - CVE-2015-2417 (MS15-075)
Severity: Medium
Fixlet ID: 2919801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29198.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2417
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via crafted input, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "OLE Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2416.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2411 (MS15-065)
Severity: High
Fixlet ID: 2921901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29219.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2411
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1733 and CVE-2015-2389.
***************************************************************
Title: Microsoft Office memory corruption vulnerability - CVE-2015-2376 (MS15-070)
Severity: High
Fixlet ID: 2924501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29245.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2376
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Office for Mac 2011, Excel Viewer 2007 SP3, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2391 (MS15-065)
Severity: High
Fixlet ID: 2924701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29247.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2391
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2385 (MS15-065)
Severity: High
Fixlet ID: 2927801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29278.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2385
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422.
***************************************************************
Title: Windows DLL remote code execution vulnerability - CVE-2015-2368 (MS15-069)
Severity: Medium
Fixlet ID: 2928001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29280.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2368
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Untrusted search path vulnerability in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Windows DLL Remote Code Execution Vulnerability."
***************************************************************
Title: Microsoft Office memory corruption vulnerability - CVE-2015-2379 (MS15-070)
Severity: High
Fixlet ID: 2928401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29284.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2379
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2408 (MS15-065)
Severity: High
Fixlet ID: 2929201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29292.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2408
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1767 and CVE-2015-2401.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1729 (MS15-065)
Severity: Medium
Fixlet ID: 2929501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29295.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1729
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2425 (MS15-065)
Severity: High
Fixlet ID: 2929601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29296.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2425
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2383 and CVE-2015-2384.
***************************************************************
Title: SQL Server remote code execution vulnerability - CVE-2015-1763 (MS15-058)
Severity: High
Fixlet ID: 2931501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29315.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1763
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka "SQL Server Remote Code Execution Vulnerability."
***************************************************************
Title: Jscript9 Memory corruption vulnerability - CVE-2015-2419 (MS15-065)
Severity: High
Fixlet ID: 2931601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29316.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2419
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory Corruption Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2397 (MS15-065)
Severity: High
Fixlet ID: 2932401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29324.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2397
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422.
***************************************************************
Title: Windows RPC elevation of privilege vulnerability - CVE-2015-2370 (MS15-076)
Severity: High
Fixlet ID: 2932701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29327.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2370
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not prevent DCE/RPC connection reflection, which allows local users to gain privileges via a crafted application, aka "Windows RPC Elevation of Privilege Vulnerability."
***************************************************************
Title: ATMFD.DLL Memory corruption vulnerability - CVE-2015-2387 (MS15-077)
Severity: High
Fixlet ID: 2933201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29332.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2387
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "ATMFD.DLL Memory Corruption Vulnerability."
***************************************************************
Title: Internet Explorer ASLR bypass vulnerability - CVE-2015-2421 (MS15-065)
Severity: Medium
Fixlet ID: 2935501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29355.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2421
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2404 (MS15-065)
Severity: High
Fixlet ID: 2935701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29357.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2404
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2406, and CVE-2015-2422.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2422 (MS15-065)
Severity: High
Fixlet ID: 2936001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29360.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2422
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, and CVE-2015-2406.
***************************************************************
Title: Win32k information disclosure vulnerability - CVE-2015-2381 (MS15-073)
Severity: Low
Fixlet ID: 2938801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29388.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2381
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Win32k Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2382.
***************************************************************
Title: Hyper-V buffer overflow vulnerability - CVE-2015-2361 (MS15-068)
Severity: High
Fixlet ID: 2939101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29391.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2361
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Hyper-V in Microsoft Windows 8.1 and Windows Server 2012 R2 does not properly initialize guest OS system data structures, which allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (buffer overflow) by leveraging guest OS privileges, aka "Hyper-V Buffer Overflow Vulnerability."
***************************************************************
Title: Remote Desktop Protocol (RDP) remote code execution vulnerability - CVE-2015-2373 (MS15-067)
Severity: High
Fixlet ID: 2939201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29392.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2373
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Remote Desktop Protocol (RDP) server service in Microsoft Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a series of crafted packets, aka "Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2389 (MS15-065)
Severity: High
Fixlet ID: 2939501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29395.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2389
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1733 and CVE-2015-2411.
***************************************************************
Title: Hyper-V system data structure vulnerability - CVE-2015-2362 (MS15-068)
Severity: High
Fixlet ID: 2940601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29406.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2362
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly initialize guest OS system data structures, which allows guest OS users to execute arbitrary code on the host OS by leveraging guest OS privileges, aka "Hyper-V System Data Structure Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1738 (MS15-065)
Severity: High
Fixlet ID: 2941401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29414.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1738
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2388.
***************************************************************
Title: Internet Explorer information disclosure vulnerability - CVE-2015-2413 (MS15-065)
Severity: Medium
Fixlet ID: 2942201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29422.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2413
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to determine the existence of local files via a crafted module-resource request, aka "Internet Explorer Information Disclosure Vulnerability."
***************************************************************
Title: Windows installer EoP vulnerability - CVE-2015-2371 (MS15-074)
Severity: Medium
Fixlet ID: 2943101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29431.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2371
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows Installer service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a custom action script associated with a .msi package, aka "Windows Installer EoP Vulnerability."
***************************************************************
Title: Win32k Elevation of privilege vulnerability - CVE-2015-2363 (MS15-073)
Severity: High
Fixlet ID: 2943601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29436.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2363
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
***************************************************************
Title: Microsoft Office memory corruption vulnerability - CVE-2015-2380 (MS15-070)
Severity: High
Fixlet ID: 2944901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29449.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2380
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, and Word 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
***************************************************************
Title: SQL Server elevation of privilege vulnerability - CVE-2015-1761 (MS15-058)
Severity: Medium
Fixlet ID: 2945201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29452.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1761
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allows remote authenticated users to gain privileges by leveraging certain write access, aka "SQL Server Elevation of Privilege Vulnerability."
***************************************************************
Title: Internet Explorer elevation of privilege vulnerability - CVE-2015-2402 (MS15-065)
Severity: Medium
Fixlet ID: 2945401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29454.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2402
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2414 (MS15-065)
Severity: Medium
Fixlet ID: 2947001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29470.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2414
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to obtain sensitive browsing-history information via vectors related to image caching, aka "Internet Explorer Information Disclosure Vulnerability."
***************************************************************
Title: SQL Server remote code execution vulnerability - CVE-2015-1762 (MS15-058)
Severity: High
Fixlet ID: 2948501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29485.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1762
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain permissions and making a crafted query, as demonstrated by the VIEW SERVER STATE permission, aka "SQL Server Remote Code Execution Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2388 (MS15-065)
Severity: High
Fixlet ID: 2948701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29487.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2388
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1738.
***************************************************************
Title: OpenType font driver vulnerability - CVE-2015-2426 (MS15-078)
Severity: High
Fixlet ID: 2949301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29493.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2426
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Driver Vulnerability."
***************************************************************
Title: Microsoft Office memory corruption vulnerability - CVE-2015-2424 (MS15-070)
Severity: High
Fixlet ID: 2951701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29517.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2424
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
***************************************************************
Title: Microsoft Excel DLL remote code execution vulnerability - CVE-2015-2378 (MS15-070)
Severity: Medium
Fixlet ID: 2952501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29525.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2378
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Untrusted search path vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel Viewer 2007 SP3, and Office Compatibility Pack SP3 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Microsoft Excel DLL Remote Code Execution Vulnerability."
More information about the WinVulns-Announcements
mailing list