[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Sat Dec 31 05:21:14 PST 2016
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 532 Published: Sat, 31 Dec 2016 00:01:54 GMT
New Fixlets:
============
***************************************************************
Title: Microsoft Office Memory Corruption Vulnerability - CVE-2016-7289 (MS16-148)
Severity: High
Fixlet ID: 163902
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1639
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7289
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Publisher 2010 SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
***************************************************************
Title: Microsoft Office Information Disclosure Vulnerability - CVE-2016-7268 (MS16-148)
Severity: Medium
Fixlet ID: 164002
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1640
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7268
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
***************************************************************
Title: Microsoft Office Information Disclosure Vulnerability - CVE-2016-7291 (MS16-148)
Severity: Medium
Fixlet ID: 164101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1641
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7291
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7290.
***************************************************************
Title: Microsoft Office Information Disclosure Vulnerability - CVE-2016-7290 (MS16-148)
Severity: Medium
Fixlet ID: 164202
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1642
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7290
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7291.
***************************************************************
Title: Microsoft Office Security Feature Bypass Vulnerability - CVE-2016-7267 (MS16-148)
Severity: Medium
Fixlet ID: 164302
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1643
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7267
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability."
***************************************************************
Title: Microsoft Office Security Feature Bypass Vulnerability - CVE-2016-7266 (MS16-148)
Severity: Medium
Fixlet ID: 164402
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1644
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7266
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka "Microsoft Office Security Feature Bypass Vulnerability."
More information about the WinVulns-Announcements
mailing list