[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Thu Jan 19 05:20:59 PST 2017
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 535 Published: Wed, 18 Jan 2017 23:34:25 GMT
New Fixlets:
============
***************************************************************
Title: Microsoft Edge Elevation of Privilege Vulnerability - CVE-2017-0002 (MS17-001)
Severity: Medium
Fixlet ID: 170602
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1706
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0002
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability."
***************************************************************
Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability - CVE-2017-2939
Severity: High
Fixlet ID: 171502
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1715
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2939
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing a malformed cross-reference table. Successful exploitation could lead to arbitrary code execution.
More information about the WinVulns-Announcements
mailing list