[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Fri Nov 18 05:20:53 PST 2016
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 522 Published: Thu, 17 Nov 2016 23:19:15 GMT
New Fixlets:
============
***************************************************************
Title: Vulnerability in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 (CVE-2016-2208)
Severity: High
Fixlet ID: 140401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1404
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2208
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file.
***************************************************************
Title: Graphics Component Buffer Overflow Vulnerability - CVE-2015-2510 (MS15-097)
Severity: High
Fixlet ID: 140502
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1405
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2510
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "Graphics Component Buffer Overflow Vulnerability."
***************************************************************
Title: Windows Journal RCE Vulnerability - CVE-2015-2530 (MS15-098)
Severity: High
Fixlet ID: 140701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1407
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2530
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal RCE Vulnerability," a different vulnerability than CVE-2015-2513 and CVE-2015-2514.
***************************************************************
Title: Windows Journal Integer Overflow RCE Vulnerability - CVE-2015-2519 (MS15-098)
Severity: High
Fixlet ID: 140801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1408
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2519
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Integer overflow in Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal Integer Overflow RCE Vulnerability."
***************************************************************
Title: Windows Journal RCE Vulnerability - CVE-2015-2513 (MS15-098)
Severity: High
Fixlet ID: 140901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1409
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2513
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal RCE Vulnerability," a different vulnerability than CVE-2015-2514 and CVE-2015-2530.
***************************************************************
Title: Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 - CVE-2014-9163
Severity: High
Fixlet ID: 141001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1410
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9163
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in December 2014.
***************************************************************
Title: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier - CVE-2016-7860
Severity: High
Fixlet ID: 141102
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1411
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7860
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
***************************************************************
Title: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier - CVE-2016-7859
Severity: High
Fixlet ID: 141201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1412
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7859
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
***************************************************************
Title: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier - CVE-2016-7857
Severity: High
Fixlet ID: 141302
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1413
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7857
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
***************************************************************
Title: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier - CVE-2016-7861
Severity: High
Fixlet ID: 141402
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1414
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7861
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
***************************************************************
Title: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier - CVE-2016-7858
Severity: High
Fixlet ID: 141501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1415
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7858
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
***************************************************************
Title: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability - CVE-2016-7864
Severity: High
Fixlet ID: 141602
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1416
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7864
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
***************************************************************
Title: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability - CVE-2016-7865
Severity: High
Fixlet ID: 141702
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1417
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7865
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
***************************************************************
Title: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability - CVE-2016-7862
Severity: High
Fixlet ID: 141802
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1418
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7862
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
***************************************************************
Title: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability - CVE-2016-7863
Severity: High
Fixlet ID: 141901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1419
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7863
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
More information about the WinVulns-Announcements
mailing list