[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Tue Apr 5 05:21:09 PDT 2016
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 480 Published: Mon, 04 Apr 2016 19:02:55 GMT
New Fixlets:
============
***************************************************************
Title: OpenType Font Parsing Vulnerability - CVE-2015-2506 (MS15-097)
Severity: High
Fixlet ID: 45002
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A450
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2506
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: atmfd.dll in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to cause a denial of service (system crash) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
***************************************************************
Title: Memory Corruption Vulnerability - CVE-2015-2502 (MS15-093)
Severity: High
Fixlet ID: 45102
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A451
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2502
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," as exploited in the wild in August 2015.
More information about the WinVulns-Announcements
mailing list