[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilities to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Fri Jun 26 05:21:37 PDT 2015
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 452 Published: Thu, 25 Jun 2015 18:59:12 GMT
New Fixlets:
============
***************************************************************
Title: Windows LoadLibrary EoP vulnerability - CVE-2015-1758 (MS15-063)
Severity: Medium
Fixlet ID: 2852501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28525.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1758
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Untrusted search path vulnerability in the LoadLibrary function in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, aka "Windows LoadLibrary EoP Vulnerability."
***************************************************************
Title: Exchange Server-Side Request Forgery vulnerability - CVE-2015-1764 (MS15-064)
Severity: Medium
Fixlet ID: 2860701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28607.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1764
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF) issue, aka "Exchange Server-Side Request Forgery Vulnerability."
***************************************************************
Title: Exchange HTML injection vulnerability - CVE-2015-2359 (MS15-064)
Severity: Medium
Fixlet ID: 2892801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28928.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2359
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Cross-site scripting (XSS) vulnerability in the web applications in Microsoft Exchange Server 2013 Cumulative Update 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Exchange HTML Injection Vulnerability."
***************************************************************
Title: Exchange Cross-Site Request Forgery vulnerability - CVE-2015-1771 (MS15-064)
Severity: Medium
Fixlet ID: 2911501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29115.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1771
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Cross-site request forgery (CSRF) vulnerability in the web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allows remote attackers to hijack the authentication of arbitrary users, aka "Exchange Cross-Site Request Forgery Vulnerability."