Fixlet Site - VulnerabilitiestoWindowsSystems
Current Version: 131
Published: Fri, 26 Sep 2008 18:48:16 GMT

New Fixlets:
============

***************************************************************
Title: Microsoft Windows WRITE_ANDX SMB command handling Kernel DoS
Severity: High
Fixlet ID: 526201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5262.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4114
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: srv.sys in Microsoft Windows Vista SP1 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, as demonstrated by a request to the \PIPE\lsarpc named pipe.

***************************************************************
Title: Apple iTunes Local Privilege Escalation Vulnerability
Severity: High
Fixlet ID: 603501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6035.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3636
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer overflow in an unspecified third-party driver bundled with Apple iTunes before 8.0 on Windows allows local users to gain privileges via unknown vectors.