From winvulns-announcements at bigmail.bigfix.com Fri May 15 05:21:35 2015
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Fri, 15 May 2015 05:21:35 -0700
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 444
Published: Thu, 14 May 2015 19:29:08 GMT

New Fixlets:
============

***************************************************************
Title: MSXML3 same origin policy SFB vulnerability - CVE-2015-1646 (MS15-039)
Severity: Medium
Fixlet ID: 2900901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval29009.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1646
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability."

From winvulns-announcements at bigmail.bigfix.com Fri May 22 05:21:34 2015
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Fri, 22 May 2015 05:21:34 -0700
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 446
Published: Thu, 21 May 2015 18:45:13 GMT

New Fixlets:
============

***************************************************************
Title: Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 could allow attackers to execute arbitrary code on Windows
Severity: High
Fixlet ID: 2857501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval28575.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0336
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0334.