Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka “Lync RCE Vulnerability.”
Category Archives: Security
CVE-2013-1317 (publisher)
Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka “Publisher Integer Overflow Vulnerability.”
CVE-2013-1309 (internet_explorer)
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka “Internet Explorer Use After Free Vulnerability,” a different vulnerability than CVE-2013-1308 and CVE-2013-2551.
CVE-2013-1310 (internet_explorer)
Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka “Internet Explorer Use After Free Vulnerability.”
CVE-2013-1307 (internet_explorer)
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka “Internet Explorer Use After Free Vulnerability,” a different vulnerability than CVE-2013-0811.
CVE-2013-1306 (internet_explorer)
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka “Internet Explorer Use After Free Vulnerability,” a different vulnerability than CVE-2013-1313.
CVE-2013-1297 (internet_explorer)
Microsoft Internet Explorer 6 through 8 does not properly restrict data access by VBScript, which allows remote attackers to perform cross-domain reading of JSON files via a crafted web site, aka “JSON Array Information Disclosure Vulnerability.”
CVE-2013-1305 (windows_8, windows_rt, windows_server_2012)
HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka “HTTP.sys Denial of Service Vulnerability.”
CVE-2013-3498 (smartpass)
Cross-site scripting (XSS) vulnerability in Juniper SmartPass WLAN Security Management before 7.7 MR3 and 8.0 before MR2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Wheezy is out! Jessie is created and receives updates!
Hi,

this means that we are phasing out the relaxed rules for uploading to squeeze-backports-sloppy (and wheezy-backports) and ask you to only upload packages that are already in jessie to these suites. Please (re)read the rules stated in the contribution document[1] to update your memory. ;)

Alex - on behalf of the backports ftpmasters

[1] http://backports.debian.org/Contribute/