[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Wed Jun 24 05:21:51 PDT 2015
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 451 Published: Tue, 23 Jun 2015 19:36:19 GMT
New Fixlets:
============
***************************************************************
Title: Microsoft Windows Kernel Brush Object use after free vulnerability - CVE-2015-1726 (MS15-061)
Severity: High
Fixlet ID: 2820101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28201.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1726
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Brush Object Use After Free Vulnerability."
***************************************************************
Title: Internet Explorer information disclosure vulnerability - CVE-2015-1765 (MS15-056)
Severity: Medium
Fixlet ID: 2842901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28429.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1765
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to read the browser history via a crafted web site.
***************************************************************
Title: Win32k memory corruption elevation of privilege vulnerability - CVE-2015-1768 (MS15-061)
Severity: High
Fixlet ID: 2850801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28508.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1768
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1752 (MS15-056)
Severity: High
Fixlet ID: 2851201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28512.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1752
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1741.
***************************************************************
Title: Microsoft Office memory corruption vulnerability – CVE-2015-1760 (MS15-059)
Severity: High
Fixlet ID: 2851301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28513.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1760
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013 SP1, and Office 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1745 (MS15-056)
Severity: High
Fixlet ID: 2851801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28518.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1745
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1735, CVE-2015-1740, CVE-2015-1744, and CVE-2015-1766.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1731 (MS15-056)
Severity: High
Fixlet ID: 2853001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28530.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1731
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1736, CVE-2015-1737, and CVE-2015-1755.
***************************************************************
Title: Microsoft Office uninitialized memory use vulnerability – CVE-2015-1770 (MS15-059)
Severity: High
Fixlet ID: 2853101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28531.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1770
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Uninitialized Memory Use Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1750 (MS15-056)
Severity: High
Fixlet ID: 2859301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28593.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1750
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1732, CVE-2015-1742, CVE-2015-1747, and CVE-2015-1753.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1730 (MS15-056)
Severity: High
Fixlet ID: 2861001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28610.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1730
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1741 (MS15-056)
Severity: High
Fixlet ID: 2865001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28650.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1741
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1752.
***************************************************************
Title: Win32k buffer overflow vulnerability - CVE-2015-1725 (MS15-061)
Severity: High
Fixlet ID: 2866501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28665.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1725
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Buffer Overflow Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1754 (MS15-056)
Severity: High
Fixlet ID: 2872401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28724.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1754
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Microsoft Office memory corruption vulnerability – CVE-2015-1759 (MS15-059)
Severity: High
Fixlet ID: 2874401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28744.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1759
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1737 (MS15-056)
Severity: High
Fixlet ID: 2876901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28769.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1737
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1731, CVE-2015-1736, and CVE-2015-1755.
***************************************************************
Title: Microsoft Windows Kernel Bitmap handling use after free vulnerability - CVE-2015-1722 (MS15-061)
Severity: High
Fixlet ID: 2880601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28806.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1722
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Bitmap Handling Use After Free Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1744 (MS15-056)
Severity: High
Fixlet ID: 2884801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28848.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1744
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1735, CVE-2015-1740, CVE-2015-1745, and CVE-2015-1766.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1736 (MS15-056)
Severity: High
Fixlet ID: 2888901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28889.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1736
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1731, CVE-2015-1737, and CVE-2015-1755.
***************************************************************
Title: Windows Media Player RCE via DataObject vulnerability - CVE-2015-1728 (MS15-057)
Severity: High
Fixlet ID: 2891001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28910.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1728
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka "Windows Media Player RCE via DataObject Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1755 (MS15-056)
Severity: High
Fixlet ID: 2894801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28948.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1755
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1731, CVE-2015-1736, and CVE-2015-1737.
***************************************************************
Title: Win32k elevation of privilege vulnerability - CVE-2015-2360 (MS15-061)
Severity: High
Fixlet ID: 2899401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28994.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2360
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
***************************************************************
Title: Internet Explorer elevation of privilege vulnerability - CVE-2015-1748 (MS15-056)
Severity: Medium
Fixlet ID: 2900501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29005.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1748
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1743.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1732 (MS15-056)
Severity: High
Fixlet ID: 2903301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29033.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1732
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1742, CVE-2015-1747, CVE-2015-1750, and CVE-2015-1753.
***************************************************************
Title: Win32k Pool buffer overflow vulnerability - CVE-2015-1727 (MS15-061)
Severity: High
Fixlet ID: 2905001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29050.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1727
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Pool Buffer Overflow Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1747 (MS15-056)
Severity: High
Fixlet ID: 2905701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29057.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1747
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1732, CVE-2015-1742, CVE-2015-1750, and CVE-2015-1753.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1751 (MS15-056)
Severity: High
Fixlet ID: 2906001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29060.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1751
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1753 (MS15-056)
Severity: High
Fixlet ID: 2906101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29061.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1753
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1732, CVE-2015-1742, CVE-2015-1747, and CVE-2015-1750.
***************************************************************
Title: Microsoft Windows Station use after free vulnerability - CVE-2015-1723 (MS15-061)
Severity: High
Fixlet ID: 2906701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29067.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1723
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Station Use After Free Vulnerability."
***************************************************************
Title: Microsoft common control use after free vulnerability - CVE-2015-1756 (MS15-060)
Severity: High
Fixlet ID: 2907201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29072.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1756
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in Microsoft Common Controls in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted web site that is accessed with the F12 Developer Tools feature of Internet Explorer, aka "Microsoft Common Control Use After Free Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1766 (MS15-056)
Severity: High
Fixlet ID: 2907601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29076.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1766
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1735, CVE-2015-1740, CVE-2015-1744, and CVE-2015-1745.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1687 (MS15-056)
Severity: High
Fixlet ID: 2908101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29081.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1687
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
***************************************************************
Title: Microsoft Windows Kernel information disclosure vulnerability – CVE-2015-1719 (MS15-061)
Severity: Low
Fixlet ID: 2909301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29093.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1719
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to obtain sensitive information from kernel memory via a crafted application, aka "Microsoft Windows Kernel Information Disclosure Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1735 (MS15-056)
Severity: High
Fixlet ID: 2911301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29113.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1735
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1740, CVE-2015-1744, CVE-2015-1745, and CVE-2015-1766.
***************************************************************
Title: Microsoft Windows Kernel use after free vulnerability – CVE-2015-1720 (MS15-061)
Severity: High
Fixlet ID: 2911801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29118.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1720
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Use After Free Vulnerability."
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1742 (MS15-056)
Severity: High
Fixlet ID: 2911901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29119.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1742
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1732, CVE-2015-1747, CVE-2015-1750, and CVE-2015-1753.
***************************************************************
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1740 (MS15-056)
Severity: High
Fixlet ID: 2912301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29123.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1740
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1735, CVE-2015-1744, CVE-2015-1745, and CVE-2015-1766.
***************************************************************
Title: Microsoft Windows Kernel Object use after free vulnerability - CVE-2015-1724 (MS15-061)
Severity: High
Fixlet ID: 2912401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29124.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1724
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Object Use After Free Vulnerability."
***************************************************************
Title: Internet Explorer elevation of privilege vulnerability - CVE-2015-1739 (MS15-056)
Severity: Medium
Fixlet ID: 2914201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29142.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1739
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
***************************************************************
Title: Win32k Null pointer dereference vulnerability - CVE-2015-1721 (MS15-061)
Severity: High
Fixlet ID: 2914501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29145.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1721
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer Dereference Vulnerability."
***************************************************************
Title: Internet Explorer elevation of privilege vulnerability - CVE-2015-1743 (MS15-056)
Severity: Medium
Fixlet ID: 2914701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29147.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1743
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1748.
More information about the WinVulns-Announcements
mailing list