Fixlet Site - VulnerabilitiestoWindowsSystems
Current Version: 164
Published: Wed, 15 Apr 2009 07:53:53 GMT

New Fixlets:
============

***************************************************************
Title: Opera Web Browser Denial Of Service Vulnerability
Severity: Medium
Fixlet ID: 543201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5432.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1234
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags.

***************************************************************
Title: Apple Safari Denial of Service Vulnerability
Severity: Medium
Fixlet ID: 555901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5559.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1233
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements.

***************************************************************
Title: Opera Execution of arbitrary code Vulnerability
Severity: High
Fixlet ID: 595501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5955.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0914
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption.

***************************************************************
Title: MS PowerPoint File Parsing Remote Code Execution Vulnerability
Severity: High
Fixlet ID: 620401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6204.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0556
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint file that triggers access to an "invalid object in memory," as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen.

***************************************************************
Title: Opera cross-domain scripting attacks Vulnerability
Severity: Medium
Fixlet ID: 622001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6220.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0915
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins.

***************************************************************
Title: Wireshark Denial of Service Vulnerability
Severity: Medium
Fixlet ID: 622301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6223.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6472
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors.

***************************************************************
Title: Opera Unspecified Vulnerability
Severity: High
Fixlet ID: 623001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6230.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0914
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption.