[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Fri Aug 7 05:21:09 PDT 2015
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 460 Published: Thu, 06 Aug 2015 18:37:07 GMT
New Fixlets:
============
***************************************************************
Title: Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers (CVE-2007-3457)
Severity: Medium
Fixlet ID: 2940001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29400.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3457
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file.
***************************************************************
Title: Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 through 7.0.2 and Acrobat 5.0 through 7.0.2 (CVE-2005-2470)
Severity: High
Fixlet ID: 2941801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29418.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2470
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 through 7.0.2 and Acrobat 5.0 through 7.0.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
***************************************************************
Title: Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code (CVE-2006-5857)
Severity: High
Fixlet ID: 2948001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29480.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5857
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering.
More information about the WinVulns-Announcements
mailing list