[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Sat Jan 14 05:21:25 PST 2017
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 534 Published: Fri, 13 Jan 2017 21:24:32 GMT
New Fixlets:
============
***************************************************************
Title: Windows Common Log File System Driver Information Disclosure Vulnerability - CVE-2016-7295 (MS16-153)
Severity: Low
Fixlet ID: 168001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1680
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7295
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information from process memory via a crafted application, aka "Windows Common Log File System Driver Information Disclosure Vulnerability."
***************************************************************
Title: Windows Kernel Memory Address Information Disclosure Vulnerability - CVE-2016-7258 (MS16-152)
Severity: Low
Fixlet ID: 168101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1681
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7258
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 mishandles page-fault system calls, which allows local users to obtain sensitive information from arbitrary processes via a crafted application, aka "Windows Kernel Memory Address Information Disclosure Vulnerability."
***************************************************************
Title: Microsoft Office Memory Corruption Vulnerability - CVE-2016-7277 (MS16-148)
Severity: High
Fixlet ID: 168401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1684
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7277
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
***************************************************************
Title: Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 - CVE-2015-3104
Severity: High
Fixlet ID: 168502
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1685
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3104
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK and Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors.
***************************************************************
Title: Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 - CVE-2015-8446
Severity: High
Fixlet ID: 168602
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1686
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8446
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK and Compiler before 20.0.0.204 allows attackers to execute arbitrary code via an MP3 file with COMM tags that are mishandled during memory allocation, a different vulnerability than CVE-2015-8438.
***************************************************************
Title: Microsoft Office Information Disclosure Vulnerability - CVE-2016-7265 (MS16-148)
Severity: Medium
Fixlet ID: 168702
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1687
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7262
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
***************************************************************
Title: Microsoft Office Security Feature Bypass Vulnerability - CVE-2016-7262 (MS16-148)
Severity: Medium
Fixlet ID: 168802
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1688
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7262
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability."
***************************************************************
Title: Microsoft Office Information Disclosure Vulnerability - CVE-2016-7264 (MS16-148)
Severity: Medium
Fixlet ID: 168901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1689
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7264
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
***************************************************************
Title: Vulnerability in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18 - CVE-2016-6663
Severity: Medium
Fixlet ID: 169101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1691
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6663
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.
***************************************************************
Title: Vulnerability in Samsung Security Manager (SSM) before 1.31 (CVE-2015-3435)
Severity: High
Fixlet ID: 170302
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1703
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3435
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request.
***************************************************************
Title: Vulnerability - CVE-2017-0004 (MS17-004)
Severity: High
Fixlet ID: 170501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1705
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0004
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: LSASS service
More information about the WinVulns-Announcements
mailing list