From winvulns-announcements at bigmail.bigfix.com Wed Jun 3 05:21:36 2015 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Wed, 3 Jun 2015 05:21:36 -0700 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 448 Published: Tue, 02 Jun 2015 18:47:23 GMT New Fixlets: ============ *************************************************************** Title: Microsoft windows kernel memory disclosure vulnerability - CVE-2015-1678 (MS15-051) Severity: Low Fixlet ID: 2806801 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28068.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1678 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1679, and CVE-2015-1680. 
*************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1706 (MS15-043) Severity: High Fixlet ID: 2816201 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28162.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1706 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1658, CVE-2015-1711, CVE-2015-1717, and CVE-2015-1718. *************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1711 (MS15-043) Severity: High Fixlet ID: 2816701 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28167.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1711 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1658, CVE-2015-1706, CVE-2015-1717, and CVE-2015-1718. 
*************************************************************** Title: TrueType font parsing vulnerability - CVE-2015-1671 (MS15-044) Severity: High Fixlet ID: 2820701 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28207.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1671 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability." *************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1691 (MS15-043) Severity: High Fixlet ID: 2834001 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28340.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1691 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1712. 
*************************************************************** Title: OpenType Font parsing vulnerability - CVE-2015-1670 (MS15-044) Severity: Medium Fixlet ID: 2836201 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28362.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1670 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a crafted OpenType font on a web site, aka "OpenType Font Parsing Vulnerability." *************************************************************** Title: Windows Journal remote code execution vulnerability - CVE-2015-1697 (MS15-045) Severity: High Fixlet ID: 2839001 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28390.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1697 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1698, and CVE-2015-1699. 
*************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1710 (MS15-043) Severity: High Fixlet ID: 2840501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28405.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1710 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1694. *************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1708 (MS15-043) Severity: High Fixlet ID: 2847301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28473.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1708 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." 
*************************************************************** Title: Windows Journal remote code execution vulnerability - CVE-2015-1695 (MS15-045) Severity: High Fixlet ID: 2851701 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28517.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1695 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699. *************************************************************** Title: Microsoft windows kernel memory disclosure vulnerability - CVE-2015-1679 (MS15-051) Severity: Low Fixlet ID: 2855501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28555.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1679 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, and CVE-2015-1680. 
*************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1694 (MS15-043) Severity: High Fixlet ID: 2857601 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28576.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1694 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1710. *************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1688 (MS15-043) Severity: Medium Fixlet ID: 2864101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28641.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1688 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." *************************************************************** Title: Microsoft Office memory corruption vulnerability -
CVE-2015-1682 (MS15-046) Severity: High Fixlet ID: 2864501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28645.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1682 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office for Mac 2011, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, PowerPoint Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, SharePoint Foundation 2010 SP2, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." *************************************************************** Title: Windows Journal remote code execution vulnerability - CVE-2015-1698 (MS15-045) Severity: High Fixlet ID: 2864901 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28649.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1698 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, and CVE-2015-1699. 
*************************************************************** Title: Schannel information disclosure vulnerability - CVE-2015-1716 (MS15-055) Severity: Medium Fixlet ID: 2867201 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28672.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1716 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict Diffie-Hellman Ephemeral (DHE) key lengths, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, aka "Schannel Information Disclosure Vulnerability." *************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1714 (MS15-043) Severity: High Fixlet ID: 2868001 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28680.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1714 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." 
*************************************************************** Title: Internet Explorer elevation of privilege vulnerability - CVE-2015-1703 (MS15-043) Severity: Medium Fixlet ID: 2869201 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28692.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1703 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1704. *************************************************************** Title: Windows Kernel security feature bypass vulnerability - CVE-2015-1674 (MS15-052) Severity: Low Fixlet ID: 2869901 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28699.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1674 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the KASLR protection mechanism, and consequently discover the cng.sys base address, via a crafted application, aka "Windows Kernel Security Feature Bypass Vulnerability." 
*************************************************************** Title: Windows Journal remote code execution vulnerability - CVE-2015-1696 (MS15-045) Severity: High Fixlet ID: 2871001 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28710.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1696 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699. *************************************************************** Title: Microsoft Office memory corruption vulnerability - CVE-2015-1683 (MS15-046) Severity: High Fixlet ID: 2872301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28723.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1683 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
*************************************************************** Title: .NET XML decryption denial of service vulnerability - CVE-2015-1672 (MS15-048) Severity: Medium Fixlet ID: 2873901 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28739.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1672 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allows remote attackers to cause a denial of service (recursion and performance degradation) via crafted encrypted data in an XML document, aka ".NET XML Decryption Denial of Service Vulnerability." *************************************************************** Title: Windows Journal remote code execution vulnerability - CVE-2015-1675 (MS15-045) Severity: High Fixlet ID: 2874201 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28742.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1675 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699. 
*************************************************************** Title: VBScript and JScript ASLR bypass vulnerability - CVE-2015-1686 (MS15-043 and MS15-053) Severity: Medium Fixlet ID: 2874501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28745.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1686 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass." *************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1689 (MS15-043) Severity: High Fixlet ID: 2875301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28753.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1689 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1705. 
*************************************************************** Title: Microsoft windows kernel memory disclosure vulnerability - CVE-2015-1680 (MS15-051) Severity: Low Fixlet ID: 2880801 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28808.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1680 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, and CVE-2015-1679. *************************************************************** Title: Internet Explorer elevation of privilege vulnerability - CVE-2015-1704 (MS15-043) Severity: Medium Fixlet ID: 2881501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28815.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1704 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1703. 
*************************************************************** Title: Internet Explorer clipboard information disclosure vulnerability - CVE-2015-1692 (MS15-043) Severity: Medium Fixlet ID: 2882201 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28822.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1692 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 7 through 11 allows user-assisted remote attackers to read the clipboard contents via crafted web script, aka "Internet Explorer Clipboard Information Disclosure Vulnerability." *************************************************************** Title: Internet Explorer elevation of privilege vulnerability - CVE-2015-1713 (MS15-043) Severity: Medium Fixlet ID: 2882901 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28829.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1713 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." *************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1712 (MS15-043) Severity: High Fixlet ID: 2884001 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28840.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1712 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1691. 
*************************************************************** Title: VBScript memory corruption vulnerability - CVE-2015-1684 (MS15-043 and MS15-053) Severity: Medium Fixlet ID: 2886701 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28867.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1684 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: VBScript.dll in the Microsoft VBScript 5.6 through 5.8 engine, as used in Internet Explorer 8 through 11 and other products, allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript ASLR Bypass." *************************************************************** Title: Microsoft windows kernel memory disclosure vulnerability - CVE-2015-1677 (MS15-051) Severity: Low Fixlet ID: 2887601 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28876.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1677 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1678, CVE-2015-1679, and CVE-2015-1680. 
*************************************************************** Title: Microsoft windows kernel memory disclosure vulnerability - CVE-2015-1701 (MS15-051) Severity: High Fixlet ID: 2888301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28883.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1701 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability." *************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1718 (MS15-043) Severity: High Fixlet ID: 2891701 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28917.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1718 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1658, CVE-2015-1706, CVE-2015-1711, and CVE-2015-1717. *************************************************************** Title: Microsoft SharePoint page content vulnerabilities -
CVE-2015-1700 (MS15-047) Severity: Medium Fixlet ID: 2892401 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28924.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1700 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "Microsoft SharePoint Page Content Vulnerabilities." *************************************************************** Title: Service control manager elevation of privilege vulnerability - CVE-2015-1702 (MS15-050) Severity: Medium Fixlet ID: 2893201 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28932.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1702 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Service Control Manager (SCM) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Service Control Manager Elevation of Privilege Vulnerability." 
*************************************************************** Title: Windows Journal remote code execution vulnerability - CVE-2015-1699 (MS15-045) Severity: High Fixlet ID: 2893601 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28936.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1699 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, and CVE-2015-1698. *************************************************************** Title: Windows forms elevation of privilege vulnerability - CVE-2015-1673 (MS15-048) Severity: High Fixlet ID: 2895001 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28950.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1673 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows Forms (aka WinForms) libraries in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allow user-assisted remote attackers to execute arbitrary code via a crafted partial-trust application, aka "Windows Forms Elevation of Privilege Vulnerability." 
*************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1705 (MS15-043) Severity: High Fixlet ID: 2895101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28951.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1705 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1689. *************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1709 (MS15-043) Severity: High Fixlet ID: 2898401 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28984.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1709 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." *************************************************************** Title: Microsoft Silverlight out of browser application vulnerability - CVE-2015-1715 (MS15-049) Severity: High Fixlet ID: 2898501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28985.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1715 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Silverlight 5 before 5.1.40416.00 allows remote attackers to bypass intended integrity-level restrictions via a crafted Silverlight application, aka "Microsoft Silverlight Out of Browser Application Vulnerability." 
*************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1717 (MS15-043) Severity: High Fixlet ID: 2899301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28993.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1717 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1658, CVE-2015-1706, CVE-2015-1711, and CVE-2015-1718. *************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1658 (MS15-043) Severity: High Fixlet ID: 2900001 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29000.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1658 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1706, CVE-2015-1711, CVE-2015-1717, and CVE-2015-1718. 
*************************************************************** Title: Microsoft windows kernel memory disclosure vulnerability - CVE-2015-1676 (MS15-051) Severity: Low Fixlet ID: 2900101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29001.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1676 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1677, CVE-2015-1678, CVE-2015-1679, and CVE-2015-1680. *************************************************************** Title: Internet Explorer ASLR bypass vulnerability - CVE-2015-1685 (MS15-043) Severity: Medium Fixlet ID: 2901601 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29016.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1685 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass." 
*************************************************************** Title: Microsoft Management Console file format denial of service vulnerability - CVE-2015-1681 (MS15-054) Severity: Low Fixlet ID: 2901801 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29018.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1681 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of service via a crafted .msc file, aka "Microsoft Management Console File Format Denial of Service Vulnerability." From winvulns-announcements at bigmail.bigfix.com Wed Jun 3 09:02:04 2015 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Wed, 3 Jun 2015 10:02:04 -0600 Subject: [Winvulns-announcements] AUTO: Jeff Bendorf/Denver/IBM is out of the office. (returning 06/08/2015) Message-ID: I am out of the office until 06/08/2015. If this is urgent, please contact my manager Roger Widholm at 1-818-539-3184 or email rwidholm at us.ibm.com. Note: This is an automated response to your message "WinVulns-Announcements Digest, Vol 65, Issue 1" sent on 06/03/2015 6:21:41 . This is the only notification you will receive while this person is away.
From winvulns-announcements at bigmail.bigfix.com Wed Jun 24 05:21:51 2015 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Wed, 24 Jun 2015 05:21:51 -0700 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 451 Published: Tue, 23 Jun 2015 19:36:19 GMT New Fixlets: ============ *************************************************************** Title: Microsoft Windows Kernel Brush Object use after free vulnerability - CVE-2015-1726 (MS15-061) Severity: High Fixlet ID: 2820101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28201.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1726 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Brush Object Use After Free Vulnerability." *************************************************************** Title: Internet Explorer information disclosure vulnerability - CVE-2015-1765 (MS15-056) Severity: Medium Fixlet ID: 2842901 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28429.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1765 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to read the browser history via a crafted web site.
*************************************************************** Title: Win32k memory corruption elevation of privilege vulnerability - CVE-2015-1768 (MS15-061) Severity: High Fixlet ID: 2850801 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28508.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1768 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability." *************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1752 (MS15-056) Severity: High Fixlet ID: 2851201 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28512.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1752 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1741. *************************************************************** Title: Microsoft Office memory corruption vulnerability - CVE-2015-1760 (MS15-059) Severity: High Fixlet ID: 2851301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28513.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1760 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013 SP1, and Office 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
*************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1745 (MS15-056) Severity: High Fixlet ID: 2851801 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28518.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1745 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1735, CVE-2015-1740, CVE-2015-1744, and CVE-2015-1766. *************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1731 (MS15-056) Severity: High Fixlet ID: 2853001 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28530.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1731 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1736, CVE-2015-1737, and CVE-2015-1755. *************************************************************** Title: Microsoft Office uninitialized memory use vulnerability -
CVE-2015-1770 (MS15-059) Severity: High Fixlet ID: 2853101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28531.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1770 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Uninitialized Memory Use Vulnerability." *************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1750 (MS15-056) Severity: High Fixlet ID: 2859301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28593.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1750 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1732, CVE-2015-1742, CVE-2015-1747, and CVE-2015-1753. *************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1730 (MS15-056) Severity: High Fixlet ID: 2861001 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28610.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1730 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." 
*************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1741 (MS15-056) Severity: High Fixlet ID: 2865001 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28650.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1741 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1752. *************************************************************** Title: Win32k buffer overflow vulnerability - CVE-2015-1725 (MS15-061) Severity: High Fixlet ID: 2866501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28665.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1725 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Buffer Overflow Vulnerability." 
*************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1754 (MS15-056) Severity: High Fixlet ID: 2872401 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28724.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1754 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." *************************************************************** Title: Microsoft Office memory corruption vulnerability - CVE-2015-1759 (MS15-059) Severity: High Fixlet ID: 2874401 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28744.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1759 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." *************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1737 (MS15-056) Severity: High Fixlet ID: 2876901 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28769.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1737 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1731, CVE-2015-1736, and CVE-2015-1755.
*************************************************************** Title: Microsoft Windows Kernel Bitmap handling use after free vulnerability - CVE-2015-1722 (MS15-061) Severity: High Fixlet ID: 2880601 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28806.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1722 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Bitmap Handling Use After Free Vulnerability." *************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1744 (MS15-056) Severity: High Fixlet ID: 2884801 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28848.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1744 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1735, CVE-2015-1740, CVE-2015-1745, and CVE-2015-1766. 
*************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1736 (MS15-056) Severity: High Fixlet ID: 2888901 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28889.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1736 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1731, CVE-2015-1737, and CVE-2015-1755. *************************************************************** Title: Windows Media Player RCE via DataObject vulnerability - CVE-2015-1728 (MS15-057) Severity: High Fixlet ID: 2891001 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28910.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1728 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka "Windows Media Player RCE via DataObject Vulnerability." 
*************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1755 (MS15-056) Severity: High Fixlet ID: 2894801 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28948.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1755 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1731, CVE-2015-1736, and CVE-2015-1737. *************************************************************** Title: Win32k elevation of privilege vulnerability - CVE-2015-2360 (MS15-061) Severity: High Fixlet ID: 2899401 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28994.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2360 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." 
*************************************************************** Title: Internet Explorer elevation of privilege vulnerability - CVE-2015-1748 (MS15-056) Severity: Medium Fixlet ID: 2900501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29005.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1748 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1743. *************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1732 (MS15-056) Severity: High Fixlet ID: 2903301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29033.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1732 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1742, CVE-2015-1747, CVE-2015-1750, and CVE-2015-1753. 
*************************************************************** Title: Win32k Pool buffer overflow vulnerability - CVE-2015-1727 (MS15-061) Severity: High Fixlet ID: 2905001 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29050.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1727 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Pool Buffer Overflow Vulnerability." *************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1747 (MS15-056) Severity: High Fixlet ID: 2905701 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29057.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1747 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1732, CVE-2015-1742, CVE-2015-1750, and CVE-2015-1753. 
*************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1751 (MS15-056) Severity: High Fixlet ID: 2906001 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29060.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1751 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." *************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1753 (MS15-056) Severity: High Fixlet ID: 2906101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29061.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1753 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1732, CVE-2015-1742, CVE-2015-1747, and CVE-2015-1750. 
*************************************************************** Title: Microsoft Windows Station use after free vulnerability - CVE-2015-1723 (MS15-061) Severity: High Fixlet ID: 2906701 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29067.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1723 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Station Use After Free Vulnerability." *************************************************************** Title: Microsoft common control use after free vulnerability - CVE-2015-1756 (MS15-060) Severity: High Fixlet ID: 2907201 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29072.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1756 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Microsoft Common Controls in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted web site that is accessed with the F12 Developer Tools feature of Internet Explorer, aka "Microsoft Common Control Use After Free Vulnerability." 
*************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1766 (MS15-056) Severity: High Fixlet ID: 2907601 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29076.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1766 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1735, CVE-2015-1740, CVE-2015-1744, and CVE-2015-1745. *************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1687 (MS15-056) Severity: High Fixlet ID: 2908101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29081.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1687 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." *************************************************************** Title: Microsoft Windows Kernel information disclosure vulnerability -
CVE-2015-1719 (MS15-061) Severity: Low Fixlet ID: 2909301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29093.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1719 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to obtain sensitive information from kernel memory via a crafted application, aka "Microsoft Windows Kernel Information Disclosure Vulnerability." *************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1735 (MS15-056) Severity: High Fixlet ID: 2911301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29113.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1735 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1740, CVE-2015-1744, CVE-2015-1745, and CVE-2015-1766. *************************************************************** Title: Microsoft Windows Kernel use after free vulnerability -
CVE-2015-1720 (MS15-061) Severity: High Fixlet ID: 2911801 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29118.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1720 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Use After Free Vulnerability." *************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1742 (MS15-056) Severity: High Fixlet ID: 2911901 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29119.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1742 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1732, CVE-2015-1747, CVE-2015-1750, and CVE-2015-1753. 
*************************************************************** Title: Internet Explorer memory corruption vulnerability - CVE-2015-1740 (MS15-056) Severity: High Fixlet ID: 2912301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29123.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1740 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1735, CVE-2015-1744, CVE-2015-1745, and CVE-2015-1766. *************************************************************** Title: Microsoft Windows Kernel Object use after free vulnerability - CVE-2015-1724 (MS15-061) Severity: High Fixlet ID: 2912401 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29124.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1724 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Object Use After Free Vulnerability." 
*************************************************************** Title: Internet Explorer elevation of privilege vulnerability - CVE-2015-1739 (MS15-056) Severity: Medium Fixlet ID: 2914201 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29142.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1739 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." *************************************************************** Title: Win32k Null pointer dereference vulnerability - CVE-2015-1721 (MS15-061) Severity: High Fixlet ID: 2914501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29145.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1721 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer Dereference Vulnerability." 
*************************************************************** Title: Internet Explorer elevation of privilege vulnerability - CVE-2015-1743 (MS15-056) Severity: Medium Fixlet ID: 2914701 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29147.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1743 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1748. From winvulns-announcements at bigmail.bigfix.com Fri Jun 26 05:21:37 2015 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Fri, 26 Jun 2015 05:21:37 -0700 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 452 Published: Thu, 25 Jun 2015 18:59:12 GMT New Fixlets: ============ *************************************************************** Title: Windows LoadLibrary EoP vulnerability - CVE-2015-1758 (MS15-063) Severity: Medium Fixlet ID: 2852501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28525.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1758 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Untrusted search path vulnerability in the LoadLibrary function in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, aka "Windows LoadLibrary EoP Vulnerability." 
*************************************************************** Title: Exchange Server-Side Request Forgery vulnerability - CVE-2015-1764 (MS15-064) Severity: Medium Fixlet ID: 2860701 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28607.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1764 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF) issue, aka "Exchange Server-Side Request Forgery Vulnerability." *************************************************************** Title: Exchange HTML injection vulnerability - CVE-2015-2359 (MS15-064) Severity: Medium Fixlet ID: 2892801 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28928.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2359 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Cross-site scripting (XSS) vulnerability in the web applications in Microsoft Exchange Server 2013 Cumulative Update 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Exchange HTML Injection Vulnerability." 
*************************************************************** Title: Exchange Cross-Site Request Forgery vulnerability - CVE-2015-1771 (MS15-064) Severity: Medium Fixlet ID: 2911501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29115.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1771 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Cross-site request forgery (CSRF) vulnerability in the web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allows remote attackers to hijack the authentication of arbitrary users, aka "Exchange Cross-Site Request Forgery Vulnerability."