From winvulns-announcements at bigmail.bigfix.com Tue Sep 13 05:21:03 2016 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Tue, 13 Sep 2016 05:21:03 -0700 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 508 Published: Tue, 13 Sep 2016 00:27:12 GMT New Fixlets: ============ *************************************************************** Title: Use-after-free during processing of DER encoded keys in NSS - CVE-2016-1979 Severity: Medium Fixlet ID: 107102 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1071 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1979 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. *************************************************************** Title: Use-after-free in NSS during SSL connections in low memory - CVE-2016-1978 Severity: High Fixlet ID: 107301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1073 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1978 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. *************************************************************** Title: The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process - CVE-2016-1706 Severity: High Fixlet ID: 108902 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1089 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1706 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc. *************************************************************** Title: The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 - CVE-2016-1708 Severity: Medium Fixlet ID: 109201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1092 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1708 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site. *************************************************************** Title: Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82 - CVE-2016-5127 Severity: Medium Fixlet ID: 109402 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1094 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5127 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element. *************************************************************** Title: Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 - CVE-2016-1705 Severity: Medium Fixlet ID: 109502 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1095 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1705 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. *************************************************************** Title: WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82 - CVE-2016-1711 Severity: Medium Fixlet ID: 109702 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1097 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1711 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. *************************************************************** Title: Vulnerability in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 - CVE-2016-2808 Severity: Medium Fixlet ID: 110001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1100 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2808 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 - CVE-2016-4178 Severity: Medium Fixlet ID: 110202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1102 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4178 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 - CVE-2016-4181 Severity: High Fixlet ID: 110402 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1104 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4181 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 - CVE-2016-4190 Severity: High Fixlet ID: 110801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1108 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4190 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 - CVE-2016-4183 Severity: High Fixlet ID: 111001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1110 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4183 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 - CVE-2016-4223 Severity: Medium Fixlet ID: 111802 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1118 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4223 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4224 and CVE-2016-4225. *************************************************************** Title: Heap overflow in PDFium - CVE-2016-5157 Severity: Medium Fixlet ID: 112701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1127 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5157 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Heap overflow in PDFium. From winvulns-announcements at bigmail.bigfix.com Fri Sep 16 05:21:02 2016 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Fri, 16 Sep 2016 05:21:02 -0700 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 509 Published: Thu, 15 Sep 2016 21:05:58 GMT New Fixlets: ============ *************************************************************** Title: Universal XSS in Blink - CVE-2016-5147 Severity: Medium Fixlet ID: 112801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1128 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5147 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)." *************************************************************** Title: Use after free in Blink - CVE-2016-5150 Severity: Medium Fixlet ID: 112901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1129 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5150 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects. *************************************************************** Title: Universal XSS in Blink - CVE-2016-5148 Severity: Medium Fixlet ID: 113002 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1130 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5148 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka "Universal XSS (UXSS)." *************************************************************** Title: Use after destruction in Blink - CVE-2016-5153 Severity: Medium Fixlet ID: 113101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1131 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5153 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site. *************************************************************** Title: Use after free in PDFium - CVE-2016-5151 Severity: Medium Fixlet ID: 113202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1132 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5151 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp. *************************************************************** Title: Use after free in event bindings - CVE-2016-5156 Severity: Medium Fixlet ID: 113302 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1133 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5156 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. *************************************************************** Title: Heap overflow in PDFium - CVE-2016-5154 Severity: Medium Fixlet ID: 113402 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1134 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5154 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image. *************************************************************** Title: Heap overflow in PDFium - CVE-2016-5152 Severity: Medium Fixlet ID: 113502 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1135 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5152 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. *************************************************************** Title: Address bar spoofing - CVE-2016-5155 Severity: Medium Fixlet ID: 113602 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1136 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5155 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site. *************************************************************** Title: Script injection in extensions - CVE-2016-5149 Severity: Medium Fixlet ID: 113702 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1137 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5149 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL. *************************************************************** Title: The download implementation in Google Chrome before 53.0.2785.89 on Windows - CVE-2016-5166 Severity: Low Fixlet ID: 113801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1138 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5166 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice. *************************************************************** Title: The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows - CVE-2016-5163 Severity: Medium Fixlet ID: 113901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1139 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5163 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android. *************************************************************** Title: Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows - CVE-2016-5165 Severity: Medium Fixlet ID: 114002 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1140 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5165 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL's query string. *************************************************************** Title: The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows - CVE-2016-5161 Severity: Medium Fixlet ID: 114102 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1141 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5161 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages "type confusion" in the StylePropertySerializer class. *************************************************************** Title: Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows - CVE-2016-5158 Severity: Medium Fixlet ID: 114202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1142 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5158 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. *************************************************************** Title: Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows - CVE-2016-5167 Severity: High Fixlet ID: 114302 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1143 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5167 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. *************************************************************** Title: Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows - CVE-2016-5164 Severity: Medium Fixlet ID: 114402 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1144 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5164 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka "Universal XSS (UXSS)." *************************************************************** Title: The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows - CVE-2016-5162 Severity: Medium Fixlet ID: 114502 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1145 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5162 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160. *************************************************************** Title: Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows - CVE-2016-5159 Severity: Medium Fixlet ID: 114602 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1146 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5159 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c. *************************************************************** Title: The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows - CVE-2016-5160 Severity: Medium Fixlet ID: 114701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1147 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5160 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5162. From winvulns-announcements at bigmail.bigfix.com Fri Sep 23 05:21:02 2016 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Fri, 23 Sep 2016 05:21:02 -0700 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 511 Published: Thu, 22 Sep 2016 22:24:40 GMT New Fixlets: ============ *************************************************************** Title: Microsoft Browser Information Disclosure Vulnerability - CVE-2016-3351 (MS16-104) Severity: Low Fixlet ID: 116301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1163 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3351 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." *************************************************************** Title: Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 - CVE-2016-1010 Severity: High Fixlet ID: 116401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1164 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1010 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK and Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-0993. *************************************************************** Title: Vulnerability in Adobe Flash Player 21.0.0.197 and earlier - CVE-2016-1019 Severity: High Fixlet ID: 116502 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1165 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1019 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016. *************************************************************** Title: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 - CVE-2016-4280 Severity: High Fixlet ID: 116601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1166 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4280 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924. *************************************************************** Title: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 - CVE-2016-4274 Severity: High Fixlet ID: 116702 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1167 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4274 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924. *************************************************************** Title: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 - CVE-2016-4281 Severity: High Fixlet ID: 116802 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1168 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4281 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924. *************************************************************** Title: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 - CVE-2016-4277 Severity: Medium Fixlet ID: 116901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1169 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4277 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4271 and CVE-2016-4278. *************************************************************** Title: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 - CVE-2016-4282 Severity: High Fixlet ID: 117001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1170 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4282 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924. *************************************************************** Title: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 - CVE-2016-4283 Severity: High Fixlet ID: 117101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1171 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4283 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924. *************************************************************** Title: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 - CVE-2016-4271 Severity: Medium Fixlet ID: 117201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1172 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4271 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4277 and CVE-2016-4278. *************************************************************** Title: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 - CVE-2016-4284 Severity: High Fixlet ID: 117301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1173 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4284 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924. *************************************************************** Title: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 - CVE-2016-4276 Severity: High Fixlet ID: 117401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1174 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4276 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 - CVE-2016-4279 Severity: High Fixlet ID: 117502 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1175 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4279 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932. *************************************************************** Title: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 - CVE-2016-4278 Severity: Medium Fixlet ID: 117601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1176 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4278 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4271 and CVE-2016-4277. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 - CVE-2016-4272 Severity: High Fixlet ID: 117701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1177 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4272 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932. *************************************************************** Title: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 - CVE-2016-4275 Severity: High Fixlet ID: 117802 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1178 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4275 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924. *************************************************************** Title: Vulnerability in Adobe AIR SDK and Compiler before 23.0.0.257 - CVE-2016-6936 Severity: Medium Fixlet ID: 117901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1179 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6936 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe AIR SDK and Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging access to a network over which analytics data is sent. From winvulns-announcements at bigmail.bigfix.com Wed Sep 28 05:20:53 2016 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Wed, 28 Sep 2016 05:20:53 -0700 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 512 Published: Tue, 27 Sep 2016 21:34:29 GMT New Fixlets: ============ *************************************************************** Title: Use after free in Blink - CVE-2016-5171 Severity: Medium Fixlet ID: 118002 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1180 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5171 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code. *************************************************************** Title: Use after free in Blink - CVE-2016-5170 Severity: Medium Fixlet ID: 118101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1181 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5170 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls. *************************************************************** Title: Arbitrary Memory Read in v8 - CVE-2016-5172 Severity: Medium Fixlet ID: 118202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1182 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5172 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code. From winvulns-announcements at bigmail.bigfix.com Fri Sep 30 05:20:51 2016 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Fri, 30 Sep 2016 05:20:51 -0700 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 513 Published: Thu, 29 Sep 2016 21:04:18 GMT New Fixlets: ============ *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows - CVE-2016-6927 Severity: High Fixlet ID: 118301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1183 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6927 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932. *************************************************************** Title: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows - CVE-2016-6922 Severity: High Fixlet ID: 118401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1184 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6922 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, and CVE-2016-6924. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows - CVE-2016-6925 Severity: High Fixlet ID: 118502 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1185 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6925 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows - CVE-2016-6923 Severity: High Fixlet ID: 118602 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1186 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6923 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932. *************************************************************** Title: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows - CVE-2016-6924 Severity: High Fixlet ID: 118701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1187 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6924 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, and CVE-2016-6922. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows - CVE-2016-6926 Severity: High Fixlet ID: 118801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1188 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6926 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows - CVE-2016-6932 Severity: High Fixlet ID: 118902 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1189 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6932 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, and CVE-2016-6931. *************************************************************** Title: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows - CVE-2016-4285 Severity: High Fixlet ID: 119002 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1190 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4285 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-6922, and CVE-2016-6924. *************************************************************** Title: Integer overflow in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows - CVE-2016-4287 Severity: High Fixlet ID: 119102 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1191 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4287 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Integer overflow in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows - CVE-2016-6929 Severity: High Fixlet ID: 119202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1192 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6929 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows - CVE-2016-6931 Severity: High Fixlet ID: 119301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1193 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6931 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, and CVE-2016-6932. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows - CVE-2016-6930 Severity: High Fixlet ID: 119402 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1194 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6930 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6931, and CVE-2016-6932. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows - CVE-2016-6921 Severity: High Fixlet ID: 119501 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1195 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6921 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932. *************************************************************** Title: browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests - CVE-2016-5174 Severity: Medium Fixlet ID: 119602 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1196 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5174 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site. *************************************************************** Title: The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype - CVE-2016-5173 Severity: Medium Fixlet ID: 119702 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1197 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5173 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack. *************************************************************** Title: Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service - CVE-2016-5175 Severity: Medium Fixlet ID: 119801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1198 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5175 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. *************************************************************** Title: Vulnerability in Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17 - CVE-2016-6662 Severity: High Fixlet ID: 119901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1199 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6662 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.