From winvulns-announcements at bigmail.bigfix.com Wed Jun 1 05:21:07 2016 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Wed, 1 Jun 2016 05:21:07 -0700 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 490 Published: Tue, 31 May 2016 17:36:24 GMT New Fixlets: ============ *************************************************************** Title: Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability - CVE-2016-0176 (MS16-062) Severity: High Fixlet ID: 76601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A766 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0176 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability." *************************************************************** Title: Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability - CVE-2016-0197 (MS16-062) Severity: High Fixlet ID: 76701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A767 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0197 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability." *************************************************************** Title: Microsoft Office Memory Corruption Vulnerability - CVE-2016-0126 (MS16-054) Severity: High Fixlet ID: 76802 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A768 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0126 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Office 2013 SP1, 2013 RT SP1, and 2016 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." *************************************************************** Title: Microsoft Office Graphics RCE Vulnerability - CVE-2016-0183 (MS16-054) Severity: High Fixlet ID: 76902 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A769 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0183 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Microsoft Office Graphics RCE Vulnerability." From winvulns-announcements at bigmail.bigfix.com Tue Jun 7 05:21:11 2016 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Tue, 7 Jun 2016 05:21:11 -0700 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 491 Published: Mon, 06 Jun 2016 20:16:54 GMT New Fixlets: ============ *************************************************************** Title: RPC Network Data Representation Engine Remote Code Execution Vulnerability - CVE-2016-0178 (MS16-061) Severity: High Fixlet ID: 77101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A771 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0178 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The RPC NDR Engine in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles free operations, which allows remote attackers to execute arbitrary code via malformed RPC requests, aka "RPC Network Data Representation Engine Elevation of Privilege Vulnerability." *************************************************************** Title: Microsoft Office Malformed EPS File Vulnerability - CVE-2015-2545 (MS15-099) Severity: High Fixlet ID: 77201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A772 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2545 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka "Microsoft Office Malformed EPS File Vulnerability." *************************************************************** Title: Microsoft Office Memory Corruption Vulnerability - CVE-2016-0198 (MS16-054) Severity: High Fixlet ID: 77301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A773 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0198 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." From winvulns-announcements at bigmail.bigfix.com Fri Jun 10 05:21:13 2016 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Fri, 10 Jun 2016 05:21:13 -0700 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 492 Published: Fri, 10 Jun 2016 00:20:25 GMT New Fixlets: ============ *************************************************************** Title: Windows DLL Loading Remote Code Execution Vulnerability - CVE-2016-0152 (MS16-058) Severity: High Fixlet ID: 77402 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A774 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0152 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Internet Information Services (IIS) in Microsoft Windows Vista SP2 and Server 2008 SP2 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows DLL Loading Remote Code Execution Vulnerability." *************************************************************** Title: Windows Kernel Elevation of Privilege Vulnerability - CVE-2016-0180 (MS16-060) Severity: High Fixlet ID: 77502 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A775 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0180 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles symbolic links, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability." *************************************************************** Title: Windows Media Center Remote Code Execution Vulnerability - CVE-2016-0185 (MS16-059) Severity: High Fixlet ID: 77602 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A776 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0185 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media Center link (aka .mcl) file, aka "Windows Media Center Remote Code Execution Vulnerability." *************************************************************** Title: Multiple unspecified vulnerabilities in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 - CVE-2016-2807 Severity: High Fixlet ID: 77702 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A777 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2807 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. *************************************************************** Title: Multiple unspecified vulnerabilities in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 - CVE-2016-2806 Severity: High Fixlet ID: 77802 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A778 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2806 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. *************************************************************** Title: Windows Graphics Component Information Disclosure Vulnerability - CVE-2016-0168 (MS16-055) Severity: Medium Fixlet ID: 77902 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A779 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0168 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0169. *************************************************************** Title: Windows Graphics Component Information Disclosure Vulnerability - CVE-2016-0169 (MS16-055) Severity: Medium Fixlet ID: 78002 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A780 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0169 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0168. *************************************************************** Title: Windows Graphics Component RCE Vulnerability - CVE-2016-0170 (MS16-055) Severity: High Fixlet ID: 78101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A781 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0170 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka "Windows Graphics Component RCE Vulnerability." *************************************************************** Title: Microsoft Office Memory Corruption Vulnerability - CVE-2016-0140 (MS16-054) Severity: High Fixlet ID: 78202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A782 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0140 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." *************************************************************** Title: Cross-origin bypass in extension bindings - CVE-2016-1672 Severity: Medium Fixlet ID: 78302 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A783 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1672 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Multiple vulnerabilities have been discovered in Google Chrome. These vulnerabilities can be triggered by a user visiting a specially crafted web page. Details of these vulnerabilities are as follows: Cross-origin bypass in extension bindings. *************************************************************** Title: Secondary Logon Elevation of Privilege Vulnerability - CVE-2016-0099 (MS16-032) Severity: High Fixlet ID: 78402 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A784 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0099 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability." *************************************************************** Title: Out-of-bounds read in Skia - CVE-2016-1702 Severity: Medium Fixlet ID: 78501 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A785 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1702 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data. *************************************************************** Title: Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 - CVE-2016-1703 Severity: Medium Fixlet ID: 78602 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A786 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1703 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. *************************************************************** Title: Use-after-free in Autofill - CVE-2016-1701 Severity: Medium Fixlet ID: 78702 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A787 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1701 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1690. *************************************************************** Title: Parameter sanitization failure in DevTools - CVE-2016-1699 Severity: Medium Fixlet ID: 78801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A788 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1699 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL. *************************************************************** Title: Information leak in Extension bindings - CVE-2016-1698 Severity: Medium Fixlet ID: 78902 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A789 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1698 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition. *************************************************************** Title: Cross-origin bypass in Blink - CVE-2016-1697 Severity: Medium Fixlet ID: 79002 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A790 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1697 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. *************************************************************** Title: Use-after-free in Extensions - CVE-2016-1700 Severity: Medium Fixlet ID: 79102 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A791 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1700 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to extensions. *************************************************************** Title: Cross-origin bypass in extension bindings - CVE-2016-1696 Severity: Medium Fixlet ID: 79202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A792 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1696 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier - CVE-2016-4113 Severity: High Fixlet ID: 79302 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A793 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4113 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier - CVE-2016-4112 Severity: High Fixlet ID: 79402 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A794 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4112 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier - CVE-2016-4116 Severity: High Fixlet ID: 79502 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A795 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4116 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier - CVE-2016-4108 Severity: High Fixlet ID: 79602 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A796 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4108 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier - CVE-2016-4110 Severity: High Fixlet ID: 79702 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A797 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4110 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier - CVE-2016-4114 Severity: High Fixlet ID: 79802 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A798 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4114 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier - CVE-2016-4109 Severity: High Fixlet ID: 79902 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A799 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4109 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier - CVE-2016-4111 Severity: High Fixlet ID: 80002 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A800 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4111 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier - CVE-2016-4115 Severity: High Fixlet ID: 80102 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A801 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4115 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier - CVE-2016-1099 Severity: High Fixlet ID: 80202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A802 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1099 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier - CVE-2016-1097 Severity: High Fixlet ID: 80301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A803 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1097 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier - CVE-2016-1103 Severity: High Fixlet ID: 80401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A804 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1103 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier - CVE-2016-1106 Severity: High Fixlet ID: 80502 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A805 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1106 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier - CVE-2016-1110 Severity: High Fixlet ID: 80601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A806 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1110 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier - CVE-2016-1096 Severity: High Fixlet ID: 80701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A807 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1096 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier - CVE-2016-1100 Severity: High Fixlet ID: 80801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A808 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1100 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier - CVE-2016-1105 Severity: High Fixlet ID: 80901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A809 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1105 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier - CVE-2016-1108 Severity: High Fixlet ID: 81001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A810 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1108 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier - CVE-2016-1098 Severity: High Fixlet ID: 81101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A811 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1098 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier - CVE-2016-1101 Severity: High Fixlet ID: 81202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A812 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1101 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier - CVE-2016-1102 Severity: High Fixlet ID: 81301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A813 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1102 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier - CVE-2016-1107 Severity: High Fixlet ID: 81401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A814 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1107 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier - CVE-2016-1109 Severity: High Fixlet ID: 81501 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A815 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1109 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier - CVE-2016-1104 Severity: High Fixlet ID: 81602 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A816 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1104 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064. From winvulns-announcements at bigmail.bigfix.com Tue Jun 14 05:20:52 2016 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Tue, 14 Jun 2016 05:20:52 -0700 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 493 Published: Mon, 13 Jun 2016 17:52:12 GMT New Fixlets: ============ *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2016-0186 (MS16-052) Severity: High Fixlet ID: 81701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A817 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0186 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0191 and CVE-2016-0193. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2016-0191 (MS16-052) Severity: High Fixlet ID: 81801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A818 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0191 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0186 and CVE-2016-0193. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2016-0193 (MS16-052) Severity: High Fixlet ID: 81901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A819 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0193 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0186 and CVE-2016-0191. From winvulns-announcements at bigmail.bigfix.com Fri Jun 17 05:21:14 2016 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Fri, 17 Jun 2016 05:21:14 -0700 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 494 Published: Thu, 16 Jun 2016 17:44:44 GMT New Fixlets: ============ *************************************************************** Title: Padding oracle in AES-NI CBC MAC check - CVE-2016-2107 Severity: Low Fixlet ID: 82001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A820 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2107 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session, NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. *************************************************************** Title: Memory corruption in the ASN.1 encoder - CVE-2016-2108 Severity: High Fixlet ID: 82101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A821 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2108 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue. *************************************************************** Title: ASN.1 BIO excessive memory allocation - CVE-2016-2109 Severity: High Fixlet ID: 82201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A822 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2109 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. *************************************************************** Title: EBCDIC overread - CVE-2016-2176 Severity: Medium Fixlet ID: 82301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A823 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2176 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data. *************************************************************** Title: EVP_EncryptUpdate overflow - CVE-2016-2106 Severity: Medium Fixlet ID: 82401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A824 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2106 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. *************************************************************** Title: EVP_EncodeUpdate overflow - CVE-2016-2105 Severity: Medium Fixlet ID: 82501 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A825 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2105 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. From winvulns-announcements at bigmail.bigfix.com Tue Jun 21 05:20:57 2016 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Tue, 21 Jun 2016 05:20:57 -0700 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 495 Published: Mon, 20 Jun 2016 17:56:10 GMT New Fixlets: ============ *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2016-3210 (MS16-063) Severity: High Fixlet ID: 82901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A829 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3210 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Scripting Engine Memory Corruption Vulnerability. *************************************************************** Title: Internet Explorer Memory Corruption Vulnerability - CVE-2016-0199 (MS16-063) Severity: High Fixlet ID: 85801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A858 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0199 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. *************************************************************** Title: Group Policy Elevation of Privilege Vulnerability - CVE-2016-3223 (MS16-072) Severity: High Fixlet ID: 85901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A859 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3223 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. *************************************************************** Title: Windows PDF Remote Code Execution Vulnerability - CVE-2016-3203 (MS16-068) Severity: High Fixlet ID: 86001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A860 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3203 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: A remote code execution vulnerability exists in Microsoft Windows if a user opens a specially crafted .pdf file. *************************************************************** Title: WPAD Elevation of Privilege Vulnerability - CVE-2016-3213 (MS16-063/077) Severity: High Fixlet ID: 86101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A861 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3213 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: An elevation of privilege vulnerability exists in Microsoft Windows when the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2016-3222 (MS16-068) Severity: High Fixlet ID: 86201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A862 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3222 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Scripting Engine Memory Corruption Vulnerability. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2016-3214 (MS16-068) Severity: High Fixlet ID: 86301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A863 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3214 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Scripting Engine Memory Corruption Vulnerability. *************************************************************** Title: Microsoft Edge Security Feature Bypass - CVE-2016-3198 (MS16-068) Severity: Medium Fixlet ID: 86401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A864 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3198 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. *************************************************************** Title: Internet Explorer Memory Corruption Vulnerability - CVE-2016-0200 (MS16-063) Severity: High Fixlet ID: 86501 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A865 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0200 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. *************************************************************** Title: Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability - CVE-2016-3236 (MS16-077) Severity: High Fixlet ID: 86601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A866 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3236 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: An elevation of privilege vulnerability exists when Microsoft Windows improperly handles certain proxy discovery scenarios using the Web Proxy Auto Discovery (WPAD) protocol method. *************************************************************** Title: Internet Explorer Memory Corruption Vulnerability - CVE-2016-3211 (MS16-063) Severity: High Fixlet ID: 86701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A867 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3211 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. *************************************************************** Title: Windows PDF Information Disclosure Vulnerability - CVE-2016-3215 (MS16-068) Severity: Medium Fixlet ID: 86801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A868 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3215 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Information disclosure vulnerabilities exist in Microsoft Windows when a user opens a specially crafted .pdf file. *************************************************************** Title: Internet Explorer XSS Filter Vulnerability - CVE-2016-3212 (MS16-063) Severity: Medium Fixlet ID: 86901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A869 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3212 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: A remote code execution vulnerability exists when the Internet Explorer XSS Filter does not properly validate JavaScript under specific conditions. *************************************************************** Title: Windows DNS Server Use After Free Vulnerability - CVE-2016-3227 (MS16-071) Severity: High Fixlet ID: 87101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A871 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3227 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2016-3199 (MS16-068) Severity: High Fixlet ID: 87201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A872 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3199 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Scripting Engine Memory Corruption Vulnerability. From winvulns-announcements at bigmail.bigfix.com Fri Jun 24 05:20:47 2016 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Fri, 24 Jun 2016 05:20:47 -0700 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 496 Published: Thu, 23 Jun 2016 17:58:01 GMT New Fixlets: ============ *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2016-3207 (MS16-063/MS16-069) Severity: High Fixlet ID: 82601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A826 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3207 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Scripting Engine Memory Corruption Vulnerability. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2016-3206 (MS16-063/MS16-069) Severity: High Fixlet ID: 82701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A827 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3206 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Scripting Engine Memory Corruption Vulnerability. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2016-3205 (MS16-063/MS16-069) Severity: High Fixlet ID: 82801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A828 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3205 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Scripting Engine Memory Corruption Vulnerability. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2016-3202 (MS16-063/MS16-068) Severity: High Fixlet ID: 83001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A830 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3202 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." *************************************************************** Title: Windows PDF Information Disclosure Vulnerability - CVE-2016-3201 (MS16-068) Severity: Medium Fixlet ID: 87001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A870 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3201 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Information disclosure vulnerabilities exist in Microsoft Windows when a user opens a specially crafted .pdf file. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4171 Severity: High Fixlet ID: 87301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A873 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4171 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier. *************************************************************** Title: Microsoft Office Memory Corruption Vulnerability - CVE-2016-0025 (MS16-070) Severity: High Fixlet ID: 87401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A874 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0025 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."