[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Wed Nov 15 05:21:20 PST 2017
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 570 Published: Tue, 14 Nov 2017 20:29:57 GMT
New Fixlets:
============
***************************************************************
Title: Incorrect signature handing in Networking - CVE-2017-5066
Severity: <Unspecified>
Fixlet ID: 282401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2824
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5066
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Incorrect signature handing in Networking.
***************************************************************
Title: Incorrect UI in Blink - CVE-2017-5065
Severity: <Unspecified>
Fixlet ID: 282501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2825
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5065
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Incorrect UI in Blink.
***************************************************************
Title: Use after free in Blink - CVE-2017-5064
Severity: <Unspecified>
Fixlet ID: 282701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2827
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5064
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use after free in Blink.
***************************************************************
Title: Heap overflow in Skia - CVE-2017-5063
Severity: <Unspecified>
Fixlet ID: 282801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2828
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5063
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap overflow in Skia.
***************************************************************
Title: Address spoofing in Omnibox - CVE-2017-5072
Severity: <Unspecified>
Fixlet ID: 343301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3433
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5072
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Address spoofing in Omnibox
***************************************************************
Title: Type confusion in V8 - CVE-2017-5070
Severity: Medium
Fixlet ID: 343401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3434
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5070
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Type confusion in V8
***************************************************************
Title: UI spoofing in Blink - CVE-2017-5079
Severity: <Unspecified>
Fixlet ID: 343601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3436
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5079
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: UI spoofing in Blink
***************************************************************
Title: Address spoofing in Omnibox - CVE-2017-5076
Severity: <Unspecified>
Fixlet ID: 343701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3437
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5076
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Address spoofing in Omnibox
***************************************************************
Title: Possible command injection in mailto handling - CVE-2017-5078
Severity: <Unspecified>
Fixlet ID: 343801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3438
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5078
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Possible command injection in mailto handling
***************************************************************
Title: Use after free in Apps Bluetooth - CVE-2017-5074
Severity: Medium
Fixlet ID: 343901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3439
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5074
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use after free in Apps Bluetooth
***************************************************************
Title: UI spoofing in Blink - CVE-2017-5083
Severity: <Unspecified>
Fixlet ID: 344001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3440
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5083
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: UI spoofing in Blink
***************************************************************
Title: Use after free in print preview - CVE-2017-5073
Severity: Medium
Fixlet ID: 344101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3441
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5073
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use after free in print preview
***************************************************************
Title: Heap buffer overflow in Skia - CVE-2017-5077
Severity: <Unspecified>
Fixlet ID: 344201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3442
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5077
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap buffer overflow in Skia
***************************************************************
Title: Insufficient hardening in credit card editor - CVE-2017-5082
Severity: <Unspecified>
Fixlet ID: 344301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3443
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5082
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Insufficient hardening in credit card editor
***************************************************************
Title: Out of bounds read in V8 - CVE-2017-5071
Severity: Medium
Fixlet ID: 344401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3444
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5071
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out of bounds read in V8
***************************************************************
Title: Use after free in credit card autofill - CVE-2017-5080
Severity: <Unspecified>
Fixlet ID: 344501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3445
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5080
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use after free in credit card autofill
***************************************************************
Title: Information leak in CSP reporting - CVE-2017-5075
Severity: <Unspecified>
Fixlet ID: 344601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3446
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5075
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Information leak in CSP reporting
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11805
Severity: High
Fixlet ID: 345401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3454
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11805
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
***************************************************************
Title: Microsoft Outlook Information Disclosure Vulnerability - CVE-2017-11776
Severity: Medium
Fixlet ID: 345901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3459
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11776
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka "Microsoft Outlook Information Disclosure Vulnerability."
***************************************************************
Title: Skype for Business Elevation of Privilege Vulnerability - CVE-2017-11786
Severity: High
Fixlet ID: 346002
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3460
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11786
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."
***************************************************************
Title: Out-of-bounds write in PPAPI - CVE-2017-5099
Severity: <Unspecified>
Fixlet ID: 346901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3469
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5099
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds write in PPAPI.
***************************************************************
Title: Use after free in V8 - CVE-2017-5098
Severity: <Unspecified>
Fixlet ID: 347001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3470
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5098
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use after free in V8.
***************************************************************
Title: Out-of-bounds read in Skia - CVE-2017-5097
Severity: <Unspecified>
Fixlet ID: 347101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3471
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5097
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read in Skia.
***************************************************************
Title: User information leak via SVG - CVE-2017-5107
Severity: <Unspecified>
Fixlet ID: 348401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3484
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5107
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: User information leak via SVG.
***************************************************************
Title: URL spoofing in OmniBox - CVE-2017-5101
Severity: <Unspecified>
Fixlet ID: 348501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3485
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5101
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: URL spoofing in OmniBox.
***************************************************************
Title: Type confusion in PDFium - CVE-2017-5108
Severity: <Unspecified>
Fixlet ID: 348601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3486
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5108
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Type confusion in PDFium.
***************************************************************
Title: Uninitialized use in Skia - CVE-2017-5103
Severity: <Unspecified>
Fixlet ID: 348801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3488
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5103
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Uninitialized use in Skia.
***************************************************************
Title: Uninitialized use in Skia - CVE-2017-5102
Severity: <Unspecified>
Fixlet ID: 348901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3489
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5102
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Uninitialized use in Skia.
***************************************************************
Title: URL spoofing in OmniBox - CVE-2017-5105
Severity: <Unspecified>
Fixlet ID: 349001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3490
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5105
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: URL spoofing in OmniBox.
***************************************************************
Title: UI spoofing in payments dialog - CVE-2017-5110
Severity: <Unspecified>
Fixlet ID: 349101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3491
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5110
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: UI spoofing in browser.
***************************************************************
Title: Use after free in Chrome Apps - CVE-2017-5100
Severity: <Unspecified>
Fixlet ID: 349201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3492
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5100
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use after free in Chrome Apps.
***************************************************************
Title: URL spoofing in OmniBox - CVE-2017-5106
Severity: <Unspecified>
Fixlet ID: 349301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3493
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5106
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: URL spoofing in OmniBox.
***************************************************************
Title: UI spoofing in browser - CVE-2017-5109
Severity: <Unspecified>
Fixlet ID: 349401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3494
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5109
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: UI spoofing in browser.
***************************************************************
Title: Use after free in PDFium - CVE-2017-5126
Severity: <Unspecified>
Fixlet ID: 349501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3495
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5126
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use after free in PDFium
***************************************************************
Title: Out of bounds read in V8 - CVE-2017-5088
Severity: <Unspecified>
Fixlet ID: 349602
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3496
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5088
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
***************************************************************
Title: Incorrect stack manipulation in WebAssembly - CVE-2017-5132
Severity: <Unspecified>
Fixlet ID: 349701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3497
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5132
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Incorrect stack manipulation in WebAssembly
***************************************************************
Title: Use after free in WebAudio - CVE-2017-5129
Severity: <Unspecified>
Fixlet ID: 349801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3498
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5129
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use after free in WebAudio
***************************************************************
Title: Domain spoofing in Omnibox - CVE-2017-5089
Severity: <Unspecified>
Fixlet ID: 349901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3499
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5089
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name.
***************************************************************
Title: Pointer disclosure in SQLite - CVE-2017-6991
Severity: Medium
Fixlet ID: 350001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3500
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6991
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Pointer disclosure in SQLite
***************************************************************
Title: Heap overflow in Skia - CVE-2017-5125
Severity: <Unspecified>
Fixlet ID: 350101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3501
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5125
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap overflow in Skia
***************************************************************
Title: UXSS with MHTML - CVE-2017-5124
Severity: <Unspecified>
Fixlet ID: 350201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3502
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5124
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: UXSS with MHTML
***************************************************************
Title: Use after free in PDFium - CVE-2017-5127
Severity: <Unspecified>
Fixlet ID: 350301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3503
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5127
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use after free in PDFium
***************************************************************
Title: Heap overflow in WebGL - CVE-2017-5128
Severity: <Unspecified>
Fixlet ID: 350401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3504
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5128
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap overflow in WebGL
***************************************************************
Title: Use-after-free while deleting attached editor DOM node - CVE-2017-7809
Severity: <Unspecified>
Fixlet ID: 350501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3505
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7809
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash.
***************************************************************
Title: Domain hijacking through AppCache fallback - CVE-2017-7807
Severity: <Unspecified>
Fixlet ID: 350601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3506
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7807
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory.
***************************************************************
Title: Use-after-free with marquee during window resizing - CVE-2017-7801
Severity: <Unspecified>
Fixlet ID: 350701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3507
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7801
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A use-after-free vulnerability can occur while re-computing layout for a marquee element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash.
***************************************************************
Title: Use-after-free resizing image elements - CVE-2017-7802
Severity: <Unspecified>
Fixlet ID: 350802
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3508
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7802
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed.
***************************************************************
Title: Memory protection bypass through WindowsDllDetourPatcher - CVE-2017-7804
Severity: <Unspecified>
Fixlet ID: 350901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3509
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7804
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The destructor function for the WindowsDllDetourPatcher class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation.
***************************************************************
Title: CSP containing 'sandbox' improperly applied - CVE-2017-7803
Severity: <Unspecified>
Fixlet ID: 351001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3510
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7803
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: When a page’s content security policy (CSP) header contains a sandbox directive, other directives are ignored. This results in the incorrect enforcement of CSP.
***************************************************************
Title: Heap overflow in libxml2 - CVE-2017-5130
Severity: <Unspecified>
Fixlet ID: 351601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3516
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5130
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap overflow in libxml2.
***************************************************************
Title: Content security bypass - CVE-2017-15387
Severity: <Unspecified>
Fixlet ID: 351701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3517
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15387
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Content security bypass.
***************************************************************
Title: URL spoofing in OmniBox - CVE-2017-15389
Severity: <Unspecified>
Fixlet ID: 351801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3518
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15389
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: URL spoofing in OmniBox.
***************************************************************
Title: UI spoofing in Blink - CVE-2017-15386
Severity: <Unspecified>
Fixlet ID: 351901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3519
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15386
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: UI spoofing in Blink.
***************************************************************
Title: Out of bounds write in Skia - CVE-2017-5133
Severity: <Unspecified>
Fixlet ID: 352001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3520
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5133
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out of bounds write in Skia.
***************************************************************
Title: Out of bounds read in Skia - CVE-2017-15388
Severity: <Unspecified>
Fixlet ID: 352101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3521
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15388
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out of bounds read in Skia.
***************************************************************
Title: Out of bounds write in Skia - CVE-2017-5131
Severity: <Unspecified>
Fixlet ID: 352201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3522
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5131
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out of bounds write in Skia.
***************************************************************
Title: Inappropriate javascript execution on WebUI pages - CVE-2017-5085
Severity: <Unspecified>
Fixlet ID: 352601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3526
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5085
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark.
***************************************************************
Title: Address spoofing in Omnibox - CVE-2017-5086
Severity: <Unspecified>
Fixlet ID: 354301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3543
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5086
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Windows and Mac allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
***************************************************************
Title: Incorrect handling of picture ID in WebRTC - CVE-2017-5068
Severity: Medium
Fixlet ID: 354402
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3544
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5068
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page.
***************************************************************
Title: An out-of-bounds read in V8 - CVE-2017-5053
Severity: Medium
Fixlet ID: 354501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3545
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5053
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf.
***************************************************************
Title: An incorrect assumption about block structure in Blink - CVE-2017-5052
Severity: Medium
Fixlet ID: 354601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3546
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5052
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting.
***************************************************************
Title: An out-of-bounds read in V8 - CVE-2017-5054
Severity: Medium
Fixlet ID: 354701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3547
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5054
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page.
***************************************************************
Title: A use after free in printing - CVE-2017-5055
Severity: High
Fixlet ID: 354801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3548
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5055
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A use after free in printing in Google Chrome prior to 57.0.2987.133 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
***************************************************************
Title: A use after free in Blink - CVE-2017-5056
Severity: Medium
Fixlet ID: 354901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3549
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5056
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
***************************************************************
Title: Blink in Google Chrome - CVE-2017-5027
Severity: Medium
Fixlet ID: 355001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3550
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5027
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL - CVE-2017-10365
Severity: Medium
Fixlet ID: 355301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3553
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10365
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL - CVE-2017-10284
Severity: Medium
Fixlet ID: 355401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3554
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10284
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL - CVE-2017-10296
Severity: Medium
Fixlet ID: 355501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3555
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10296
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Extension limitation bypass in Extensions - CVE-2017-15391
Severity: <Unspecified>
Fixlet ID: 355602
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3556
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15391
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Extension limitation bypass in Extensions.
***************************************************************
Title: Null pointer dereference in ImageCapture - CVE-2017-15395
Severity: <Unspecified>
Fixlet ID: 355701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3557
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15395
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Null pointer dereference in ImageCapture.
***************************************************************
Title: URL spoofing in extensions UI - CVE-2017-15394
Severity: <Unspecified>
Fixlet ID: 355801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3558
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15394
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: URL spoofing in extensions UI.
***************************************************************
Title: URL spoofing in OmniBox - CVE-2017-15390
Severity: <Unspecified>
Fixlet ID: 355901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3559
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15390
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: URL spoofing in OmniBox.
***************************************************************
Title: Referrer leak in Devtools - CVE-2017-15393
Severity: <Unspecified>
Fixlet ID: 356001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3560
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15393
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Referrer leak in Devtools.
***************************************************************
Title: Incorrect registry key handling in PlatformIntegration - CVE-2017-15392
Severity: <Unspecified>
Fixlet ID: 356101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3561
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15392
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Incorrect registry key handling in PlatformIntegration.
***************************************************************
Title: Vulnerability in Java SE: 6u161, 7u151, 8u144; Java SE Embedded: 8u144 - CVE-2016-9841
Severity: High
Fixlet ID: 357302
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3573
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9841
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL - CVE-2017-10167
Severity: Medium
Fixlet ID: 357501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3575
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10167
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS) - CVE-2017-10311
Severity: Medium
Fixlet ID: 357601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3576
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10311
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS) - CVE-2017-10320
Severity: Medium
Fixlet ID: 357702
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3577
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10320
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS) - CVE-2017-10313
Severity: Medium
Fixlet ID: 357801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3578
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10313
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication) - CVE-2017-10165
Severity: Medium
Fixlet ID: 357901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3579
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10165
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
More information about the WinVulns-Announcements
mailing list