Fixlet Site - VulnerabilitiestoWindowsSystems
Current Version: 152
Published: Thu, 22 Jan 2009 17:02:18 GMT

New Fixlets:
============

***************************************************************
Title: SMB Validation Remote Code Execution Vulnerability
Severity: High
Fixlet ID: 524801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5248.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4835
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: SMB Buffer Overflow Remote Code Execution Vulnerability
Severity: High
Fixlet ID: 586301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5863.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4834
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: srv.sys in Microsoft Windows Vista SP1 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, as demonstrated by a request to the \PIPE\lsarpc named pipe.

***************************************************************
Title: SMB Validation Denial of Service Vulnerability
Severity: High
Fixlet ID: 604401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6044.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4114
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: srv.sys in Microsoft Windows Vista SP1 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, as demonstrated by a request to the \PIPE\lsarpc named pipe.