From winvulns-announcements at bigmail.bigfix.com Wed Feb 18 05:21:33 2015
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Wed, 18 Feb 2015 05:21:33 -0800
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 428
Published: Tue, 17 Feb 2015 19:40:23 GMT

New Fixlets:
============
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0029 (MS15-009)
Severity: High
Fixlet ID: 2776501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval27765.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0029
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0067 (MS15-009)
Severity: High
Fixlet ID: 2777201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval27772.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0067
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Microsoft schannel remote code execution vulnerability - CVE-2015-0058 (MS15-010)
Severity: High
Fixlet ID: 2778001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval27780.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0058
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a crafted application, aka "Windows Cursor Object Double Free Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0042 (MS15-009)
Severity: High
Fixlet ID: 2795701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval27957.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0042
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0038 and CVE-2015-0046.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0041 (MS15-009)
Severity: High
Fixlet ID: 2797701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval27977.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0041
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, and CVE-2015-0036.
***************************************************************
Title: Internet Explorer cross-domain information disclosure vulnerability - CVE-2015-0070 (MS15-009)
Severity: Medium
Fixlet ID: 2801801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28018.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0070
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0050 (MS15-009)
Severity: High
Fixlet ID: 2802101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28021.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0050
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-8967 and CVE-2015-0044.
***************************************************************
Title: Office remote code execution vulnerability - CVE-2015-0064 (MS15-012)
Severity: High
Fixlet ID: 2807401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28074.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0064
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Office Remote Code Execution Vulnerability."
***************************************************************
Title: Internet Explorer elevation of privilege vulnerability - CVE-2015-0054 (MS15-009)
Severity: Medium
Fixlet ID: 2819301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28193.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0054
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
***************************************************************
Title: CNG security feature bypass vulnerability - CVE-2015-0010 (MS15-010)
Severity: Low
Fixlet ID: 2820201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28202.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0010
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, when the CRYPTPROTECTMEMORY_SAME_LOGON option is used, does not check an impersonation token's level, which allows local users to bypass intended decryption restrictions by leveraging a service that (1) has a named-pipe planting vulnerability or (2) uses world-readable shared memory for encrypted data, aka "CNG Security Feature Bypass Vulnerability" or MSRC ID 20707.
***************************************************************
Title: Internet Explorer ASLR bypass vulnerability - CVE-2015-0071 (MS15-009)
Severity: Medium
Fixlet ID: 2825701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28257.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0071
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0068 (MS15-009)
Severity: High
Fixlet ID: 2827201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28272.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0068
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0027, CVE-2015-0035, CVE-2015-0039, and CVE-2015-0052.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0017 (MS15-009)
Severity: High
Fixlet ID: 2833701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28337.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0017
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0027 (MS15-009)
Severity: High
Fixlet ID: 2834701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28347.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0027
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0035, CVE-2015-0039, CVE-2015-0052, and CVE-2015-0068.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0053 (MS15-009)
Severity: High
Fixlet ID: 2838201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28382.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0053
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0045.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0030 (MS15-009)
Severity: High
Fixlet ID: 2838301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28383.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0030
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0018 (MS15-009)
Severity: High
Fixlet ID: 2838401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28384.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0018
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0037, CVE-2015-0040, and CVE-2015-0066.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0028 (MS15-009)
Severity: High
Fixlet ID: 2839401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28394.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0028
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0048.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0023 (MS15-009)
Severity: High
Fixlet ID: 2839501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28395.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0023
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0025.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0037 (MS15-009)
Severity: High
Fixlet ID: 2840201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28402.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0037
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0018, CVE-2015-0040, and CVE-2015-0066.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0036 (MS15-009)
Severity: High
Fixlet ID: 2841301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28413.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0036
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, and CVE-2015-0041.
***************************************************************
Title: Internet Explorer ASLR bypass vulnerability - CVE-2015-0069 (MS15-009)
Severity: Medium
Fixlet ID: 2844901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28449.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0069
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0035 (MS15-009)
Severity: High
Fixlet ID: 2847501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28475.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0035
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0027, CVE-2015-0039, CVE-2015-0052, and CVE-2015-0068.
***************************************************************
Title: Internet Explorer ASLR bypass vulnerability - CVE-2015-0051 (MS15-009)
Severity: Medium
Fixlet ID: 2848601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28486.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0051
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0046 (MS15-009)
Severity: High
Fixlet ID: 2852201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28522.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0046
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0038 and CVE-2015-0042.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0021 (MS15-009)
Severity: High
Fixlet ID: 2854001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28540.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0021
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Internet Explorer use-after-free vulnerability - CVE-2014-8967 (MS15-009)
Severity: Medium
Fixlet ID: 2854801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28548.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8967
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted HTML document in conjunction with a Cascading Style Sheets (CSS) token sequence specifying the run-in value for the display property, leading to improper CElement reference counting
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0026 (MS15-009)
Severity: High
Fixlet ID: 2855801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28558.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0026
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0043 (MS15-009)
Severity: High
Fixlet ID: 2857301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28573.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0043
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0048 (MS15-009)
Severity: High
Fixlet ID: 2859001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28590.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0048
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0028.
***************************************************************
Title: OneTableDocumentStream remote code execution vulnerability - CVE-2015-0065 (MS15-012)
Severity: High
Fixlet ID: 2859801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28598.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0065
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Word 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "OneTableDocumentStream Remote Code Execution Vulnerability."
***************************************************************
Title: Excel remote code execution vulnerability - CVE-2015-0063 (MS15-012)
Severity: High
Fixlet ID: 2860401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28604.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0063
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Excel Remote Code Execution Vulnerability."
***************************************************************
Title: TrueType font parsing remote code execution vulnerability - CVE-2015-0059 (MS15-010)
Severity: Medium
Fixlet ID: 2863301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28633.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0059
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted TrueType font, aka "TrueType Font Parsing Remote Code Execution Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0040 (MS15-009)
Severity: High
Fixlet ID: 2863901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28639.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0040
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0018, CVE-2015-0037, and CVE-2015-0066.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0031 (MS15-009)
Severity: High
Fixlet ID: 2865301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28653.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0031
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0036, and CVE-2015-0041.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0066 (MS15-009)
Severity: High
Fixlet ID: 2866301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28663.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0066
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0018, CVE-2015-0037, and CVE-2015-0040.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0019 (MS15-009)
Severity: High
Fixlet ID: 2866601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28666.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0019
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Microsoft Office component use after free vulnerability - CVE-2014-6362 (MS15-013)
Severity: Medium
Fixlet ID: 2866801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28668.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6362
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in Microsoft Office 2007 SP3, 2010 SP2, and 2013 Gold and SP1 allows remote attackers to bypass the ASLR protection mechanism via a crafted document, aka "Microsoft Office Component Use After Free Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0052 (MS15-009)
Severity: High
Fixlet ID: 2868301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28683.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0052
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0027, CVE-2015-0035, CVE-2015-0039, and CVE-2015-0068.
***************************************************************
Title: Windows font driver denial of service vulnerability - CVE-2015-0060 (MS15-010)
Severity: Medium
Fixlet ID: 2868801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28688.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0060
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The font mapper in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly scale fonts, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Windows Font Driver Denial of Service Vulnerability."
***************************************************************
Title: Win32k elevation of privilege vulnerability - CVE-2015-0057 (MS15-010)
Severity: High
Fixlet ID: 2868901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28689.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0057
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0045 (MS15-009)
Severity: High
Fixlet ID: 2869101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28691.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0045
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0053.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0049 (MS15-009)
Severity: High
Fixlet ID: 2869501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28695.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0049
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Group Policy remote code execution vulnerability - CVE-2015-0008 (MS15-011)
Severity: High
Fixlet ID: 2870001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28700.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0008
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0020 (MS15-009)
Severity: High
Fixlet ID: 2871101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28711.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0020
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0025 (MS15-009)
Severity: High
Fixlet ID: 2871401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28714.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0025
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0023.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0022 (MS15-009)
Severity: High
Fixlet ID: 2871801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28718.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0022
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041.
***************************************************************
Title: Internet Explorer elevation of privilege vulnerability - CVE-2015-0055 (MS15-009)
Severity: Medium
Fixlet ID: 2872801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28728.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0055
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
***************************************************************
Title: TIFF Processing information disclosure vulnerability - CVE-2015-0061 (MS15-016)
Severity: Medium
Fixlet ID: 2873101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28731.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0061
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize memory for TIFF images, which allows remote attackers to obtain sensitive information from process memory via a crafted image file, aka "TIFF Processing Information Disclosure Vulnerability."

***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0039 (MS15-009)
Severity: High
Fixlet ID: 2873201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28732.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0039
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0027, CVE-2015-0035, CVE-2015-0052, and CVE-2015-0068.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0044 (MS15-009)
Severity: High
Fixlet ID: 2873501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28735.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0044
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-8967 and CVE-2015-0050.

***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-0038 (MS15-009)
Severity: High
Fixlet ID: 2875001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28750.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0038
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0042 and CVE-2015-0046.
***************************************************************
Title: Microsoft schannel remote code execution vulnerability - CVE-2015-0003 (MS15-010)
Severity: Medium
Fixlet ID: 2876201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28762.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0003
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

***************************************************************
Title: Windows create process elevation of privilege vulnerability - CVE-2015-0062 (MS15-015)
Severity: High
Fixlet ID: 2876401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28764.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0062
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges via a crafted application that leverages incorrect impersonation handling in a process that uses the SeAssignPrimaryTokenPrivilege privilege, aka "Windows Create Process Elevation of Privilege Vulnerability."
***************************************************************
Title: Group Policy security feature bypass vulnerability - CVE-2015-0009 (MS15-014)
Severity: Low
Fixlet ID: 2876701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28767.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0009
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle attackers to disable a signing requirement and trigger a revert-to-default action by spoofing domain-controller responses, aka "Group Policy Security Feature Bypass Vulnerability."

From winvulns-announcements at bigmail.bigfix.com Wed Feb 25 05:21:48 2015
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Wed, 25 Feb 2015 05:21:48 -0800
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 429
Published: Tue, 24 Feb 2015 21:03:24 GMT

New Fixlets:
============

***************************************************************
Title: Adobe Flash Player 14.x though 16.0.0.287 and 13.x through 13.0.0.262 can cause a crash and potentially allow an attacker to take control of the Windows platform
Severity: High
Fixlet ID: 2847101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28471.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0311
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.

***************************************************************
Title: Adobe Flash Player 14.x though 16.0.0.296 and 13.x through 13.0.0.264 could crash and potentially allow system takeover on the Windows platform
Severity: High
Fixlet ID: 2860201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28602.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0313
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.

***************************************************************
Title: Adobe Flash Player 14.x though 16.0.0.257 and 13.x through 13.0.0.260 could be used to circumvent memory randomization mitigations on the Windows platform
Severity: High
Fixlet ID: 2864601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28646.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0312
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors.