[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilties to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Wed Feb 25 05:21:48 PST 2015 

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 429	Published: Tue, 24 Feb 2015 21:03:24  GMT

New Fixlets:
============

***************************************************************
Title: Adobe Flash Player 14.x though 16.0.0.287 and 13.x through 13.0.0.262 can                     cause a crash and potentially allow an attacker to take control of the Windows                     platform
Severity: High
Fixlet ID: 2847101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28471.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0311
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.

***************************************************************
Title: Adobe Flash Player 14.x though 16.0.0.296 and 13.x through 13.0.0.264 could                     crash and potentially allow system takeover on the Windows platform
Severity: High
Fixlet ID: 2860201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28602.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0313
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.

***************************************************************
Title: Adobe Flash Player 14.x though 16.0.0.257 and 13.x through 13.0.0.260 could                     be used to circumvent memory randomization mitigations on the Windows                     platform
Severity: High
Fixlet ID: 2864601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28646.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0312
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors.

More information about the WinVulns-Announcements mailing list