[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Fri Jun 24 05:20:47 PDT 2016
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 496 Published: Thu, 23 Jun 2016 17:58:01 GMT
New Fixlets:
============
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2016-3207 (MS16-063/MS16-069)
Severity: High
Fixlet ID: 82601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A826
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3207
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Scripting Engine Memory Corruption Vulnerability.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2016-3206 (MS16-063/MS16-069)
Severity: High
Fixlet ID: 82701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A827
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3206
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Scripting Engine Memory Corruption Vulnerability.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2016-3205 (MS16-063/MS16-069)
Severity: High
Fixlet ID: 82801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A828
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3205
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Scripting Engine Memory Corruption Vulnerability.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2016-3202 (MS16-063/MS16-068)
Severity: High
Fixlet ID: 83001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A830
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3202
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
***************************************************************
Title: Windows PDF Information Disclosure Vulnerability - CVE-2016-3201 (MS16-068)
Severity: Medium
Fixlet ID: 87001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A870
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3201
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Information disclosure vulnerabilities exist in Microsoft Windows when a user opens a specially crafted .pdf file.
***************************************************************
Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4171
Severity: High
Fixlet ID: 87301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A873
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4171
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier.
***************************************************************
Title: Microsoft Office Memory Corruption Vulnerability - CVE-2016-0025 (MS16-070)
Severity: High
Fixlet ID: 87401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A874
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0025
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
More information about the WinVulns-Announcements
mailing list