[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Tue Jun 27 05:21:04 PDT 2017
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 548 Published: Mon, 26 Jun 2017 18:47:08 GMT
New Fixlets:
============
***************************************************************
Title: Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows - CVE-2015-3133
Severity: High
Fixlet ID: 241502
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2415
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3133
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK and Compiler before 18.0.0.180 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3134, and CVE-2015-4431
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8548
Severity: High
Fixlet ID: 250601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2506
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8548
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge improperly improperly handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8521, and CVE-2017-8549.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8520
Severity: High
Fixlet ID: 250701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2507
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8520
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8521, CVE-2017-8548, and CVE-2017-8549.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8517
Severity: High
Fixlet ID: 250801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2508
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8517
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft browsers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8522 and CVE-2017-8524.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8549
Severity: High
Fixlet ID: 250901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2509
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8549
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge improperly improperly handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8521, and CVE-2017-8548.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8521
Severity: High
Fixlet ID: 251001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2510
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8521
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8548, and CVE-2017-8549.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8499
Severity: High
Fixlet ID: 251101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2511
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8499
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8520, CVE-2017-8521, CVE-2017-8548, and CVE-2017-8549.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8522
Severity: High
Fixlet ID: 251301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2513
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8522
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft browsers in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8517 and CVE-2017-8524.
***************************************************************
Title: Microsoft Edge Security Feature Bypass Vulnerability - CVE-2017-8523
Severity: Medium
Fixlet ID: 252501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2525
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8523
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8530 and CVE-2017-8555.
***************************************************************
Title: Microsoft Edge Information Disclosure Vulnerability - CVE-2017-8498
Severity: Medium
Fixlet ID: 252601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2526
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8498
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read data not intended to be disclosed when Edge allows JavaScript XML DOM objects to detect installed browser extensions, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8504.
***************************************************************
Title: Microsoft Edge Information Disclosure Vulnerability - CVE-2017-8504
Severity: Medium
Fixlet ID: 252701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2527
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8504
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read the URL of a cross-origin request when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8498.
***************************************************************
Title: Microsoft Edge Security Feature Bypass Vulnerability - CVE-2017-8555
Severity: Medium
Fixlet ID: 252801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2528
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8555
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8530.
***************************************************************
Title: Microsoft Edge Security Feature Bypass Vulnerability - CVE-2017-8530
Severity: Medium
Fixlet ID: 253001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2530
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8530
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge does not properly enforce same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8555.
***************************************************************
Title: Microsoft Edge Memory Corruption Vulnerability - CVE-2017-8497
Severity: High
Fixlet ID: 253101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2531
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8497
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8496.
***************************************************************
Title: Microsoft Edge Memory Corruption Vulnerability - CVE-2017-8496
Severity: High
Fixlet ID: 253201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2532
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8496
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8497.
***************************************************************
Title: Windows Search Remote Code Execution Vulnerability - CVE-2017-8464
Severity: High
Fixlet ID: 254301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2543
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8464
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka "LNK Remote Code Execution Vulnerability."
More information about the WinVulns-Announcements
mailing list