From winvulns-announcements at bigmail.bigfix.com Fri Nov 11 05:21:03 2016 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Fri, 11 Nov 2016 05:21:03 -0800 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 520 Published: Thu, 10 Nov 2016 23:15:48 GMT New Fixlets: ============ *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows - CVE-2016-7855 Severity: High Fixlet ID: 133102 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1331 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7855 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 - CVE-2015-7663 Severity: High Fixlet ID: 133202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1332 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7663 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 - CVE-2015-7661 Severity: High Fixlet ID: 134402 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1344 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7661 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allows attackers to execute arbitrary code via a crafted getBounds call, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 - CVE-2015-7660 Severity: High Fixlet ID: 134501 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1345 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7660 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted setMask arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 - CVE-2015-7658 Severity: High Fixlet ID: 134601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1346 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7658 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionInstanceOf arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 - CVE-2015-7652 Severity: High Fixlet ID: 134701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1347 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7652 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allows attackers to execute arbitrary code via a crafted gridFitType property value, a different vulnerability than CVE-2015-7651, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 - CVE-2015-7657 Severity: High Fixlet ID: 134801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1348 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7657 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionCallMethod arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 - CVE-2015-7653 Severity: High Fixlet ID: 134902 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1349 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7653 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted globalToLocal arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 - CVE-2015-7656 Severity: High Fixlet ID: 135001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1350 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7656 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionImplementsOp arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 - CVE-2015-7655 Severity: High Fixlet ID: 135102 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1351 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7655 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionExtends arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. *************************************************************** Title: Vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 - CVE-2015-7662 Severity: High Fixlet ID: 135202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1352 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7662 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allow remote attackers to bypass intended access restrictions and write to files via unspecified vectors. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 - CVE-2015-7654 Severity: High Fixlet ID: 135302 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1353 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7654 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted attachSound arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. *************************************************************** Title: Vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 - CVE-2015-7659 Severity: High Fixlet ID: 135402 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1354 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7659 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion" in the NetConnection object implementation. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 - CVE-2015-7651 Severity: High Fixlet ID: 135502 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1355 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7651 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted DefineFunction atoms, a different vulnerability than CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. *************************************************************** Title: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows - CVE-2015-8459 Severity: High Fixlet ID: 135602 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1356 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8459 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8460, CVE-2015-8636, and CVE-2015-8645. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows - CVE-2015-8646 Severity: High Fixlet ID: 135702 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1357 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8646 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows - CVE-2015-8643 Severity: High Fixlet ID: 135802 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1358 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8643 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows - CVE-2015-8641 Severity: High Fixlet ID: 135902 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1359 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8641 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650. *************************************************************** Title: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows - CVE-2015-8636 Severity: High Fixlet ID: 136002 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1360 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8636 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8459, CVE-2015-8460, and CVE-2015-8645. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows - CVE-2015-8635 Severity: High Fixlet ID: 136102 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1361 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8635 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows - CVE-2015-8634 Severity: High Fixlet ID: 136202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1362 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8634 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows - CVE-2015-8649 Severity: High Fixlet ID: 136302 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1363 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8649 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, and CVE-2015-8650. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows - CVE-2015-8650 Severity: High Fixlet ID: 136402 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1364 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8650 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, and CVE-2015-8649. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows - CVE-2015-8640 Severity: High Fixlet ID: 136502 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1365 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8640 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650. *************************************************************** Title: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows - CVE-2015-8644 Severity: High Fixlet ID: 136602 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1366 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8644 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion." *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows - CVE-2015-8647 Severity: High Fixlet ID: 136702 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1367 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8647 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650. *************************************************************** Title: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows - CVE-2015-8460 Severity: High Fixlet ID: 136802 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1368 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8460 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8459, CVE-2015-8636, and CVE-2015-8645. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows - CVE-2015-8639 Severity: High Fixlet ID: 136902 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1369 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8639 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows - CVE-2015-8638 Severity: High Fixlet ID: 137002 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1370 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8638 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows - CVE-2015-8642 Severity: High Fixlet ID: 137102 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1371 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8642 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650. *************************************************************** Title: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows - CVE-2015-8645 Severity: High Fixlet ID: 137302 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1373 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8645 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8459, CVE-2015-8460, and CVE-2015-8636. *************************************************************** Title: Microsoft Office RCE Vulnerability - CVE-2015-6172 Severity: High Fixlet ID: 137402 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1374 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6172 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka "Microsoft Office RCE Vulnerability." *************************************************************** Title: Microsoft Office Memory Corruption Vulnerability - CVE-2016-7193 (MS16-121) Severity: High Fixlet ID: 137502 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1375 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7193 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability." *************************************************************** Title: Scripting Engine Remote Code Execution Vulnerability - CVE-2016-7189 (MS16-119) Severity: High Fixlet ID: 137802 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1378 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7189 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Remote Code Execution Vulnerability." *************************************************************** Title: Memory Corruption Vulnerability - CVE-2015-2485 (MS15-094/095) Severity: High Fixlet ID: 138002 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1380 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2485 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2491 and CVE-2015-2541. *************************************************************** Title: Memory Corruption Vulnerability - CVE-2015-2494 (MS15-094/095) Severity: High Fixlet ID: 138102 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1381 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2494 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2498, and CVE-2015-2499. *************************************************************** Title: Memory Corruption Vulnerability - CVE-2015-2501 (MS15-094) Severity: High Fixlet ID: 138202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1382 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2501 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability." *************************************************************** Title: Memory Corruption Vulnerability - CVE-2015-2542 (MS15-094/095) Severity: High Fixlet ID: 138302 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1383 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2542 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability." *************************************************************** Title: Memory Corruption Vulnerability - CVE-2015-2499 (MS15-094) Severity: High Fixlet ID: 138402 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1384 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2499 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, and CVE-2015-2498. *************************************************************** Title: Memory Corruption Vulnerability - CVE-2015-2490 (MS15-094) Severity: High Fixlet ID: 138502 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1385 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2490 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499. *************************************************************** Title: Memory Corruption Vulnerability - CVE-2015-2492 (MS15-094) Severity: High Fixlet ID: 138602 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1386 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2492 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499. *************************************************************** Title: Memory Corruption Vulnerability - CVE-2015-2487 (MS15-094) Severity: High Fixlet ID: 138702 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1387 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2487 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499. *************************************************************** Title: Memory Corruption Vulnerability - CVE-2015-2491 (MS15-094) Severity: High Fixlet ID: 138802 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1388 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2491 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2485 and CVE-2015-2541. *************************************************************** Title: Memory Corruption Vulnerability - CVE-2015-2500 (MS15-094) Severity: High Fixlet ID: 138902 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1389 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2500 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability." *************************************************************** Title: Memory Corruption Vulnerability - CVE-2015-2498 (MS15-094) Severity: High Fixlet ID: 139002 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1390 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2498 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, and CVE-2015-2499. *************************************************************** Title: Memory Corruption Vulnerability - CVE-2015-2486 (MS15-094/095) Severity: High Fixlet ID: 139102 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1391 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2486 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499. *************************************************************** Title: Memory Corruption Vulnerability - CVE-2015-2541 (MS15-094) Severity: High Fixlet ID: 139202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1392 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2541 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2485 and CVE-2015-2491. *************************************************************** Title: Windows Graphics Component RCE Vulnerability - CVE-2016-3393 (MS16-120) Severity: High Fixlet ID: 139302 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1393 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3393 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component RCE Vulnerability." *************************************************************** Title: Internet Explorer Information Disclosure Vulnerability - CVE-2016-3298 (MS16-118) Severity: Low Fixlet ID: 139402 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1394 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3298 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." From winvulns-announcements at bigmail.bigfix.com Tue Nov 15 05:21:28 2016 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Tue, 15 Nov 2016 05:21:28 -0800 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 521 Published: Tue, 15 Nov 2016 01:25:14 GMT New Fixlets: ============ *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows - CVE-2015-8648 Severity: High Fixlet ID: 137202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1372 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8648 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8649, and CVE-2015-8650. From winvulns-announcements at bigmail.bigfix.com Fri Nov 18 05:20:53 2016 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Fri, 18 Nov 2016 05:20:53 -0800 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 522 Published: Thu, 17 Nov 2016 23:19:15 GMT New Fixlets: ============ *************************************************************** Title: Vulnerability in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 (CVE-2016-2208) Severity: High Fixlet ID: 140401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1404 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2208 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file. *************************************************************** Title: Graphics Component Buffer Overflow Vulnerability - CVE-2015-2510 (MS15-097) Severity: High Fixlet ID: 140502 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1405 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2510 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "Graphics Component Buffer Overflow Vulnerability." *************************************************************** Title: Windows Journal RCE Vulnerability - CVE-2015-2530 (MS15-098) Severity: High Fixlet ID: 140701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1407 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2530 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal RCE Vulnerability," a different vulnerability than CVE-2015-2513 and CVE-2015-2514. *************************************************************** Title: Windows Journal Integer Overflow RCE Vulnerability - CVE-2015-2519 (MS15-098) Severity: High Fixlet ID: 140801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1408 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2519 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Integer overflow in Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal Integer Overflow RCE Vulnerability." *************************************************************** Title: Windows Journal RCE Vulnerability - CVE-2015-2513 (MS15-098) Severity: High Fixlet ID: 140901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1409 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2513 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal RCE Vulnerability," a different vulnerability than CVE-2015-2514 and CVE-2015-2530. *************************************************************** Title: Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 - CVE-2014-9163 Severity: High Fixlet ID: 141001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1410 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9163 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in December 2014. *************************************************************** Title: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier - CVE-2016-7860 Severity: High Fixlet ID: 141102 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1411 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7860 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier - CVE-2016-7859 Severity: High Fixlet ID: 141201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1412 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7859 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier - CVE-2016-7857 Severity: High Fixlet ID: 141302 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1413 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7857 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier - CVE-2016-7861 Severity: High Fixlet ID: 141402 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1414 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7861 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier - CVE-2016-7858 Severity: High Fixlet ID: 141501 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1415 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7858 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability - CVE-2016-7864 Severity: High Fixlet ID: 141602 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1416 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7864 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability - CVE-2016-7865 Severity: High Fixlet ID: 141702 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1417 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7865 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability - CVE-2016-7862 Severity: High Fixlet ID: 141802 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1418 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7862 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability - CVE-2016-7863 Severity: High Fixlet ID: 141901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1419 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7863 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. From winvulns-announcements at bigmail.bigfix.com Tue Nov 22 05:21:09 2016 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Tue, 22 Nov 2016 05:21:09 -0800 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 524 Published: Mon, 21 Nov 2016 22:50:52 GMT New Fixlets: ============ *************************************************************** Title: Microsoft Browser Memory Corruption Vulnerability - CVE-2016-7195 (MS16-129/MS16-142) Severity: High Fixlet ID: 142002 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1420 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7195 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7198. *************************************************************** Title: Microsoft Browser Memory Corruption Vulnerability - CVE-2016-7199 (MS16-129/MS16-142) Severity: Low Fixlet ID: 142101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1421 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7199 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability. *************************************************************** Title: Microsoft Browser Memory Corruption Vulnerability - CVE-2016-7198 (MS16-129/MS16-142) Severity: High Fixlet ID: 142201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1422 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7198 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7195. *************************************************************** Title: Microsoft Browser Memory Corruption Vulnerability - CVE-2016-7196 (MS16-129/MS16-142) Severity: High Fixlet ID: 142302 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1423 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7196 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." *************************************************************** Title: Microsoft Office Memory Corruption Vulnerability - CVE-2016-7213 (MS16-133) Severity: High Fixlet ID: 142502 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1425 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7213 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." *************************************************************** Title: Microsoft Office Memory Corruption Vulnerability - CVE-2016-7232 (MS16-133) Severity: High Fixlet ID: 142602 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1426 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7232 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2016-7201 (MS16-129) Severity: High Fixlet ID: 142702 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1427 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7201 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2016-7200 (MS16-129) Severity: High Fixlet ID: 142801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1428 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7200 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2016-7203 (MS16-129) Severity: High Fixlet ID: 142901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1429 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7203 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2016-7202 (MS16-129) Severity: High Fixlet ID: 143001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1430 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7202 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243. From winvulns-announcements at bigmail.bigfix.com Wed Nov 30 05:21:10 2016 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Wed, 30 Nov 2016 05:21:10 -0800 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 525 Published: Tue, 29 Nov 2016 20:08:42 GMT New Fixlets: ============ *************************************************************** Title: Microsoft Office Memory Corruption Vulnerability - CVE-2016-7229 (MS16-133) Severity: High Fixlet ID: 144501 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1445 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7229 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." *************************************************************** Title: Microsoft Office Memory Corruption Vulnerability - CVE-2016-7235 (MS16-133) Severity: High Fixlet ID: 144602 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1446 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7235 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." *************************************************************** Title: Microsoft Office Memory Corruption Vulnerability - CVE-2016-7228 (MS16-133) Severity: High Fixlet ID: 144701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1447 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7228 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." *************************************************************** Title: Microsoft Office Memory Corruption Vulnerability - CVE-2016-7231 (MS16-133) Severity: High Fixlet ID: 144802 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1448 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7231 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Excel 2007 SP3, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." *************************************************************** Title: Microsoft Office Memory Corruption Vulnerability - CVE-2016-7230 (MS16-133) Severity: High Fixlet ID: 144901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1449 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7230 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft PowerPoint 2010 SP2, PowerPoint Viewer, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." *************************************************************** Title: Microsoft Office Memory Corruption Vulnerability - CVE-2016-7245 (MS16-133) Severity: High Fixlet ID: 145001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1450 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7245 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, and Office 2016 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." *************************************************************** Title: Microsoft Office Information Disclosure Vulnerability - CVE-2016-7233 (MS16-133) Severity: Medium Fixlet ID: 145102 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1451 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7233 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." *************************************************************** Title: Microsoft Office Denial of Service Vulnerability - CVE-2016-7244 (MS16-133) Severity: Medium Fixlet ID: 145202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1452 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7244 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Office 2007 SP3 allows remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability." *************************************************************** Title: Microsoft Office Memory Corruption Vulnerability - CVE-2016-7236 (MS16-133) Severity: High Fixlet ID: 145301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1453 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7236 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." *************************************************************** Title: Microsoft Office Memory Corruption Vulnerability - CVE-2016-7234 (MS16-133) Severity: High Fixlet ID: 145402 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1454 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7234 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." *************************************************************** Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability - CVE-2016-7184 (MS16-134) Severity: High Fixlet ID: 145502 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1455 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7184 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-3343. *************************************************************** Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability - CVE-2016-3343 (MS16-134) Severity: High Fixlet ID: 145602 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1456 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3343 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-7184. *************************************************************** Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability - CVE-2016-0026 (MS16-134) Severity: High Fixlet ID: 145701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1457 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0026 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. *************************************************************** Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability - CVE-2016-3342 (MS16-134) Severity: High Fixlet ID: 145802 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1458 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3342 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3343, and CVE-2016-7184. *************************************************************** Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability - CVE-2016-3338 (MS16-134) Severity: High Fixlet ID: 145901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1459 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3338 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. *************************************************************** Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability - CVE-2016-3334 (MS16-134) Severity: High Fixlet ID: 146002 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1460 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3334 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. *************************************************************** Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability - CVE-2016-3333 (MS16-134) Severity: High Fixlet ID: 146101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1461 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3333 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. *************************************************************** Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability - CVE-2016-3340 (MS16-134) Severity: High Fixlet ID: 146202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1462 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3340 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. *************************************************************** Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability - CVE-2016-3332 (MS16-134) Severity: High Fixlet ID: 146302 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1463 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3332 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. *************************************************************** Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability - CVE-2016-3335 (MS16-134) Severity: High Fixlet ID: 146402 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1464 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3335 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. *************************************************************** Title: Microsoft Edge Spoofing Vulnerability - CVE-2016-7209 (MS16-129) Severity: Low Fixlet ID: 146501 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1465 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7209 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability." *************************************************************** Title: Microsoft Browser Information Disclosure Vulnerability - CVE-2016-7227 (MS16-129/MS16-142) Severity: Low Fixlet ID: 146602 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1466 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7227 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of local files via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability." *************************************************************** Title: Microsoft Edge Information Disclosure Vulnerability - CVE-2016-7204 (MS16-129) Severity: Low Fixlet ID: 146701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1467 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7204 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge allows remote attackers to access arbitrary "My Documents" files via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." *************************************************************** Title: Microsoft Browser Memory Corruption Vulnerability - CVE-2016-7241 (MS16-129/MS16-142) Severity: High Fixlet ID: 146802 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1468 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7241 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." *************************************************************** Title: Microsoft Browser Information Disclosure Vulnerability - CVE-2016-7239 (MS16-129/MS16-142) Severity: Low Fixlet ID: 146902 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1469 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7239 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability." *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2016-7208 (MS16-129) Severity: High Fixlet ID: 147001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1470 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7208 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2016-7240 (MS16-129) Severity: High Fixlet ID: 147102 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1471 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7240 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7242, and CVE-2016-7243. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2016-7243 (MS16-129) Severity: High Fixlet ID: 147201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1472 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7243 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7242. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2016-7242 (MS16-129) Severity: High Fixlet ID: 147301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1473 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7242 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7243. *************************************************************** Title: Windows Remote Code Execution Vulnerability - CVE-2016-7212 (MS16-130) Severity: High Fixlet ID: 147401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1474 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7212 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow remote attackers to execute arbitrary code via a crafted image file, aka "Windows Remote Code Execution Vulnerability."