From winvulns-announcements at bigmail.bigfix.com Thu Feb 9 05:21:05 2017 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Thu, 9 Feb 2017 05:21:05 -0800 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 537 Published: Wed, 08 Feb 2017 22:49:21 GMT New Fixlets: ============ *************************************************************** Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability - CVE-2017-2942 Severity: High Fixlet ID: 171601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1716 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2942 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when processing TIFF image data. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability - CVE-2017-2940 Severity: High Fixlet ID: 171701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1717 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2940 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing JPEG 2000 files. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability - CVE-2017-2941 Severity: High Fixlet ID: 171802 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1718 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2941 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing Compact Font Format data. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier - CVE-2017-2955 Severity: High Fixlet ID: 172701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1727 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2955 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier - CVE-2017-2957 Severity: High Fixlet ID: 172802 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1728 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2957 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to collaboration functionality. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier - CVE-2017-2954 Severity: High Fixlet ID: 172902 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1729 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2954 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module when handling malformed TIFF images. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier - CVE-2017-2958 Severity: High Fixlet ID: 173002 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1730 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2958 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier - CVE-2017-2959 Severity: High Fixlet ID: 173101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1731 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2959 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to parsing of color profile metadata. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier - CVE-2017-2956 Severity: High Fixlet ID: 173201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1732 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2956 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to manipulation of the navigation pane. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability - CVE-2017-2948 Severity: High Fixlet ID: 173301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1733 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2948 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability in the XFA engine. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability - CVE-2017-2953 Severity: High Fixlet ID: 173401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1734 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2953 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module when processing a TIFF image. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability - CVE-2017-2945 Severity: High Fixlet ID: 173502 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1735 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2945 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when parsing TIFF image files. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability - CVE-2017-2952 Severity: High Fixlet ID: 173602 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1736 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2952 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability in the image conversion module related to parsing tags in TIFF files. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have a security bypass vulnerability - CVE-2017-2947 Severity: Medium Fixlet ID: 173702 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1737 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2947 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have a security bypass vulnerability when manipulating Form Data Format (FDF). *************************************************************** Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability - CVE-2017-2944 Severity: High Fixlet ID: 173802 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1738 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2944 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when parsing crafted TIFF image files. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability - CVE-2017-2951 Severity: High Fixlet ID: 173901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1739 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2951 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to sub-form functionality. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability - CVE-2017-2950 Severity: High Fixlet ID: 174002 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1740 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2950 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability - CVE-2017-2946 Severity: High Fixlet ID: 174102 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1741 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2946 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when parsing the segment for storing non-graphic information. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability - CVE-2017-2943 Severity: High Fixlet ID: 174202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1742 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2943 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing tags in TIFF images. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability - CVE-2017-2949 Severity: High Fixlet ID: 174302 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1743 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2949 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier - CVE-2017-2966 Severity: High Fixlet ID: 174402 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1744 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2966 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the image conversion engine related to parsing malformed TIFF segments. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier - CVE-2017-2963 Severity: High Fixlet ID: 174501 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1745 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2963 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to handling of the color profile in a TIFF file. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier - CVE-2017-2967 Severity: High Fixlet ID: 174601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1746 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2967 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the XFA engine related to a form's structure and organization. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier - CVE-2017-2960 Severity: High Fixlet ID: 174701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1747 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2960 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of EXIF metadata. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier - CVE-2017-2962 Severity: High Fixlet ID: 174802 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1748 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2962 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable type confusion vulnerability in the XSLT engine related to localization functionality. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier - CVE-2017-2964 Severity: High Fixlet ID: 174902 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1749 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2964 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to the parsing of JPEG EXIF metadata. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier - CVE-2017-2961 Severity: High Fixlet ID: 175002 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1750 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2961 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to validation functionality. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier - CVE-2017-2965 Severity: High Fixlet ID: 175102 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1751 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2965 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to TIFF file parsing. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Vulnerability in SSL 3.0 as used in OpenSSL through 1.0.1i - CVE-2014-3566 Severity: Medium Fixlet ID: 176502 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1765 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.