Fixlet Site - VulnerabilitiestoWindowsSystems
Current Version: 180	Published: Tue, 21 Jul 2009 18:42:06  GMT

New Fixlets:
============

***************************************************************
Title: Embedded OpenType Font Heap Overflow Vulnerability
Severity: High
Fixlet ID: 545701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5457.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0231
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Radius OTP Bypass Vulnerability
Severity: High
Fixlet ID: 564901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5649.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1135
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Embedded OpenType Font Integer Overflow Vulnerability
Severity: High
Fixlet ID: 567801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5678.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0232
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: DirectX Pointer Validation Vulnerability
Severity: High
Fixlet ID: 596301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5963.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1538
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability
Severity: High
Fixlet ID: 616601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6166.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1542
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Pointer Dereference Vulnerability
Severity: High
Fixlet ID: 628501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6285.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0566
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Microsoft Video ActiveX Control Vulnerability
Severity: High
Fixlet ID: 633301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6333.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0015
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Stack-based buffer overflow in MPEG2TuneRequest in the Microsoft Video ActiveX control in msvidctl.dll in Microsoft DirectShow in Windows 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009.

***************************************************************
Title: DirectX Size Validation Vulnerability
Severity: High
Fixlet ID: 634101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6341.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1539
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.