[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Wed Jun 3 05:21:36 PDT 2015
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 448 Published: Tue, 02 Jun 2015 18:47:23 GMT
New Fixlets:
============
***************************************************************
Title: Microsoft windows kernel memory disclosure vulnerability - CVE-2015-1678 (MS15-051)
Severity: Low
Fixlet ID: 2806801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28068.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1678
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1679, and CVE-2015-1680.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1706 (MS15-043)
Severity: High
Fixlet ID: 2816201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28162.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1706
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1658, CVE-2015-1711, CVE-2015-1717, and CVE-2015-1718.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1711 (MS15-043)
Severity: High
Fixlet ID: 2816701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28167.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1711
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1658, CVE-2015-1706, CVE-2015-1717, and CVE-2015-1718.
***************************************************************
Title: TrueType font parsing vulnerability - CVE-2015-1671 (MS15-044)
Severity: High
Fixlet ID: 2820701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28207.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1671
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1691 (MS15-043)
Severity: High
Fixlet ID: 2834001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28340.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1691
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1712.
***************************************************************
Title: OpenType Font parsing vulnerability - CVE-2015-1670 (MS15-044)
Severity: Medium
Fixlet ID: 2836201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28362.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1670
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a crafted OpenType font on a web site, aka "OpenType Font Parsing Vulnerability."
***************************************************************
Title: Windows Journal remote code execution vulnerability - CVE-2015-1697 (MS15-045)
Severity: High
Fixlet ID: 2839001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28390.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1697
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1698, and CVE-2015-1699.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1710 (MS15-043)
Severity: High
Fixlet ID: 2840501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28405.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1710
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1694.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1708 (MS15-043)
Severity: High
Fixlet ID: 2847301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28473.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1708
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Windows Journal remote code execution vulnerability - CVE-2015-1695 (MS15-045)
Severity: High
Fixlet ID: 2851701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28517.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1695
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699.
***************************************************************
Title: Microsoft windows kernel memory disclosure vulnerability - CVE-2015-1679 (MS15-051)
Severity: Low
Fixlet ID: 2855501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28555.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1679
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, and CVE-2015-1680.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1694 (MS15-043)
Severity: High
Fixlet ID: 2857601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28576.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1694
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1710.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1688 (MS15-043)
Severity: Medium
Fixlet ID: 2864101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28641.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1688
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
***************************************************************
Title: Microsoft Office memory corruption vulnerability – CVE-2015-1682 (MS15-046)
Severity: High
Fixlet ID: 2864501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28645.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1682
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office for Mac 2011, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, PowerPoint Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, SharePoint Foundation 2010 SP2, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
***************************************************************
Title: Windows Journal remote code execution vulnerability - CVE-2015-1698 (MS15-045)
Severity: High
Fixlet ID: 2864901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28649.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1698
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, and CVE-2015-1699.
***************************************************************
Title: Schannel information disclosure vulnerability - CVE-2015-1716 (MS15-055)
Severity: Medium
Fixlet ID: 2867201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28672.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1716
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict Diffie-Hellman Ephemeral (DHE) key lengths, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, aka "Schannel Information Disclosure Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1714 (MS15-043)
Severity: High
Fixlet ID: 2868001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28680.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1714
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Internet Explorer elevation of privilege vulnerability - CVE-2015-1703 (MS15-043)
Severity: Medium
Fixlet ID: 2869201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28692.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1703
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1704.
***************************************************************
Title: Windows Kernel security feature bypass vulnerability - CVE-2015-1674 (MS15-052)
Severity: Low
Fixlet ID: 2869901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28699.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1674
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the KASLR protection mechanism, and consequently discover the cng.sys base address, via a crafted application, aka "Windows Kernel Security Feature Bypass Vulnerability."
***************************************************************
Title: Windows Journal remote code execution vulnerability - CVE-2015-1696 (MS15-045)
Severity: High
Fixlet ID: 2871001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28710.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1696
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699.
***************************************************************
Title: Microsoft Office memory corruption vulnerability – CVE-2015-1683 (MS15-046)
Severity: High
Fixlet ID: 2872301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28723.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1683
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
***************************************************************
Title: .NET XML decryption denial of service vulnerability - CVE-2015-1672 (MS15-048)
Severity: Medium
Fixlet ID: 2873901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28739.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1672
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allows remote attackers to cause a denial of service (recursion and performance degradation) via crafted encrypted data in an XML document, aka ".NET XML Decryption Denial of Service Vulnerability."
***************************************************************
Title: Windows Journal remote code execution vulnerability - CVE-2015-1675 (MS15-045)
Severity: High
Fixlet ID: 2874201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28742.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1675
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699.
***************************************************************
Title: VBScript and JScript ASLR bypass vulnerability - CVE-2015-1686 (MS15-043 and MS15-053)
Severity: Medium
Fixlet ID: 2874501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28745.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1686
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1689 (MS15-043)
Severity: High
Fixlet ID: 2875301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28753.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1689
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1705.
***************************************************************
Title: Microsoft windows kernel memory disclosure vulnerability - CVE-2015-1680 (MS15-051)
Severity: Low
Fixlet ID: 2880801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28808.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1680
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, and CVE-2015-1679.
***************************************************************
Title: Internet Explorer elevation of privilege vulnerability - CVE-2015-1704 (MS15-043)
Severity: Medium
Fixlet ID: 2881501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28815.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1704
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1703.
***************************************************************
Title: Internet Explorer clipboard information disclosure vulnerability - CVE-2015-1692 (MS15-043)
Severity: Medium
Fixlet ID: 2882201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28822.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1692
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 7 through 11 allows user-assisted remote attackers to read the clipboard contents via crafted web script, aka "Internet Explorer Clipboard Information Disclosure Vulnerability."
***************************************************************
Title: Internet Explorer elevation of privilege vulnerability - CVE-2015-1713 (MS15-043)
Severity: Medium
Fixlet ID: 2882901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28829.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1713
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1712 (MS15-043)
Severity: High
Fixlet ID: 2884001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28840.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1712
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1691.
***************************************************************
Title: VBScript memory corruption vulnerability - CVE-2015-1684 (MS15-043 and MS15-053)
Severity: Medium
Fixlet ID: 2886701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28867.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1684
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: VBScript.dll in the Microsoft VBScript 5.6 through 5.8 engine, as used in Internet Explorer 8 through 11 and other products, allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript ASLR Bypass."
***************************************************************
Title: Microsoft windows kernel memory disclosure vulnerability - CVE-2015-1677 (MS15-051)
Severity: Low
Fixlet ID: 2887601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28876.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1677
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1678, CVE-2015-1679, and CVE-2015-1680.
***************************************************************
Title: Microsoft windows kernel memory disclosure vulnerability - CVE-2015-1701 (MS15-051)
Severity: High
Fixlet ID: 2888301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28883.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1701
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1718 (MS15-043)
Severity: High
Fixlet ID: 2891701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28917.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1718
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1658, CVE-2015-1706, CVE-2015-1711, and CVE-2015-1717.
***************************************************************
Title: Microsoft SharePoint page content vulnerabilities – CVE-2015-1700 (MS15-047)
Severity: Medium
Fixlet ID: 2892401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28924.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1700
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "Microsoft SharePoint Page Content Vulnerabilities."
***************************************************************
Title: Service control manager elevation of privilege vulnerability - CVE-2015-1702 (MS15-050)
Severity: Medium
Fixlet ID: 2893201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28932.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1702
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Service Control Manager (SCM) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Service Control Manager Elevation of Privilege Vulnerability."
***************************************************************
Title: Windows Journal remote code execution vulnerability - CVE-2015-1699 (MS15-045)
Severity: High
Fixlet ID: 2893601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28936.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1699
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, and CVE-2015-1698.
***************************************************************
Title: Windows forms elevation of privilege vulnerability - CVE-2015-1673 (MS15-048)
Severity: High
Fixlet ID: 2895001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28950.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1673
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows Forms (aka WinForms) libraries in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allow user-assisted remote attackers to execute arbitrary code via a crafted partial-trust application, aka "Windows Forms Elevation of Privilege Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1705 (MS15-043)
Severity: High
Fixlet ID: 2895101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28951.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1705
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1689.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1709 (MS15-043)
Severity: High
Fixlet ID: 2898401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28984.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1709
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Microsoft Silverlight out of browser application vulnerability - CVE-2015-1715 (MS15-049)
Severity: High
Fixlet ID: 2898501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28985.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1715
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Silverlight 5 before 5.1.40416.00 allows remote attackers to bypass intended integrity-level restrictions via a crafted Silverlight application, aka "Microsoft Silverlight Out of Browser Application Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1717 (MS15-043)
Severity: High
Fixlet ID: 2899301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28993.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1717
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1658, CVE-2015-1706, CVE-2015-1711, and CVE-2015-1718.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1658 (MS15-043)
Severity: High
Fixlet ID: 2900001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29000.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1658
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1706, CVE-2015-1711, CVE-2015-1717, and CVE-2015-1718.
***************************************************************
Title: Microsoft windows kernel memory disclosure vulnerability - CVE-2015-1676 (MS15-051)
Severity: Low
Fixlet ID: 2900101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29001.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1676
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1677, CVE-2015-1678, CVE-2015-1679, and CVE-2015-1680.
***************************************************************
Title: Internet Explorer ASLR bypass vulnerability - CVE-2015-1685 (MS15-043)
Severity: Medium
Fixlet ID: 2901601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29016.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1685
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass."
***************************************************************
Title: Microsoft Management Console file format denial of service vulnerability - CVE-2015-1681 (MS15-054)
Severity: Low
Fixlet ID: 2901801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29018.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1681
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of service via a crafted .msc file, aka "Microsoft Management Console File Format Denial of Service Vulnerability."
More information about the WinVulns-Announcements
mailing list