· 6 years ago · Jan 08, 2020, 04:30 AM
#####################################################################################################################################
======================================================================================================================================
Hostname texasagriculture.gov ISP Amazon.com, Inc.
Continent North America Flag
US
Country United States Country Code US
Region Virginia Local time 07 Jan 2020 22:19 EST
City Ashburn Postal Code 20149
IP Address 184.72.111.210 Latitude 39.048
 Longitude -77.473
======================================================================================================================================
#####################################################################################################################################
> texasagriculture.gov
Server: 38.132.106.139
Address: 38.132.106.139#53

Non-authoritative answer:
Name: texasagriculture.gov
Address: 184.72.111.210
>
######################################################################################################################################
[+] Target : texasagriculture.gov

[+] IP Address : 184.72.111.210

[+] Headers :

[+] Cache-Control : private
[+] Content-Type : text/html; charset=utf-8
[+] Server : Microsoft-IIS/10.0
[+] Set-Cookie : .ASPXANONYMOUS=Nf_ldWX81QEkAAAAZGNiNDMzY2QtNDBiOS00OTc5LWI4MGItNTdlM2Q2ZDRhYTJm0; expires=Tue, 17-Mar-2020 14:07:57 GMT; path=/; HttpOnly, ASP.NET_SessionId=m0xho0zzvvbwhuaj4vhvat1z; path=/; HttpOnly, .ASPXANONYMOUS=Nf_ldWX81QEkAAAAZGNiNDMzY2QtNDBiOS00OTc5LWI4MGItNTdlM2Q2ZDRhYTJm0; expires=Tue, 17-Mar-2020 14:07:57 GMT; path=/; HttpOnly, ASP.NET_SessionId=m0xho0zzvvbwhuaj4vhvat1z; path=/; HttpOnly, language=en-US; path=/; HttpOnly
[+] X-Frame-Options : SAMEORIGIN
[+] Date : Wed, 08 Jan 2020 03:27:58 GMT
[+] Content-Length : 109712

[+] SSL Certificate Information :

[+] countryName : US
[+] stateOrProvinceName : Texas
[+] localityName : Austin
[+] organizationName : Texas Department of Agriculture
[+] commonName : *.texasagriculture.gov
[+] countryName : US
[+] organizationName : Entrust, Inc.
[+] organizationalUnitName : (c) 2012 Entrust, Inc. - for authorized use only
[+] commonName : Entrust Certification Authority - L1K
[+] Version : 3
[+] Serial Number : 9263BE416E34DCB40000000050F0A020
[+] Not Before : Apr 22 21:48:07 2019 GMT
[+] Not After : Apr 21 22:18:07 2021 GMT
[+] OCSP : ('http://ocsp.entrust.net',)
[+] subject Alt Name : (('DNS', '*.texasagriculture.gov'), ('DNS', 'texasagriculture.gov'))
[+] CA Issuers : ('http://aia.entrust.net/l1k-chain256.cer',)
[+] CRL Distribution Points : ('http://crl.entrust.net/level1k.crl',)

[+] Whois Lookup :

[+] NIR : None
[+] ASN Registry : arin
[+] ASN : 14618
[+] ASN CIDR : 184.72.96.0/19
[+] ASN Country Code : US
[+] ASN Date : 2010-01-26
[+] ASN Description : AMAZON-AES - Amazon.com, Inc., US
[+] cidr : 184.72.0.0/15
[+] name : AMAZON-EC2-7
[+] handle : NET-184-72-0-0-1
[+] range : 184.72.0.0 - 184.73.255.255
[+] description : Amazon.com, Inc.
[+] country : US
[+] state : WA
[+] city : Seattle
[+] address : Amazon Web Services, Inc.
P.O. Box 81226
[+] postal_code : 98108-1226
[+] emails : ['amzn-noc-contact@amazon.com', 'aws-routing-poc@amazon.com', 'abuse@amazonaws.com']
[+] created : 2010-01-26
[+] updated : 2014-09-03

[+] Crawling Target...

[+] Looking for robots.txt........[ Not Found ]
[+] Looking for sitemap.xml.......[ Not Found ]
[+] Extracting CSS Links..........[ 2 ]
[+] Extracting Javascript Links...[ 4 ]
[+] Extracting Internal Links.....[ 113 ]
[+] Extracting External Links.....[ 19 ]
[+] Extracting Images.............[ 21 ]

[+] Total Links Extracted : 159

[+] Dumping Links in /opt/FinalRecon/dumps/texasagriculture.gov.dump
[+] Completed!
#####################################################################################################################################
[i] Scanning Site: https://texasagriculture.gov



B A S I C I N F O
====================


[+] Site Title:
 Home

[+] IP address: 184.72.111.210
[+] Web Server: Microsoft-IIS/10.0
[+] CMS: Could Not Detect
[+] Cloudflare: Not Detected
[+] Robots File: Could NOT Find robots.txt!




W H O I S L O O K U P
========================

 % DOTGOV WHOIS Server ready
 Domain Name: TEXASAGRICULTURE.GOV
 Status: ACTIVE

>>> Last update of whois database: 2020-01-08T03:28:08Z <<<

Please be advised that this whois server only contains information pertaining
to the .GOV domain. For information for other domains please use the whois
server at RS.INTERNIC.NET.




G E O I P L O O K U P
=========================

[i] IP Address: 184.72.111.210
[i] Country: United States
[i] State: Virginia
[i] City: Ashburn
[i] Latitude: 39.0481
[i] Longitude: -77.4728




H T T P H E A D E R S
=======================


[i] HTTP/1.1 200 OK
[i] Cache-Control: private
[i] Content-Type: text/html; charset=utf-8
[i] Server: Microsoft-IIS/10.0
[i] Set-Cookie: .ASPXANONYMOUS=BBH8f2X81QEkAAAAYmFjNzQ2YWMtNzY4Yi00Y2MwLWE3Y2ItODJiMjY1NGI0NTdh0; expires=Tue, 17-Mar-2020 14:08:14 GMT; path=/; HttpOnly
[i] Set-Cookie: ASP.NET_SessionId=tjkc41c4yuxieokjjkpfcgxi; path=/; HttpOnly
[i] Set-Cookie: .ASPXANONYMOUS=BBH8f2X81QEkAAAAYmFjNzQ2YWMtNzY4Yi00Y2MwLWE3Y2ItODJiMjY1NGI0NTdh0; expires=Tue, 17-Mar-2020 14:08:14 GMT; path=/; HttpOnly
[i] Set-Cookie: ASP.NET_SessionId=tjkc41c4yuxieokjjkpfcgxi; path=/; HttpOnly
[i] Set-Cookie: language=en-US; path=/; HttpOnly
[i] X-Frame-Options: SAMEORIGIN
[i] Date: Wed, 08 Jan 2020 03:28:14 GMT
[i] Connection: close
[i] Content-Length: 109791




D N S L O O K U P
===================

texasagriculture.gov. 3599 IN TXT "v=spf1 ip4:204.64.160.38/32 ip4:141.198.3.225/32 ip4:208.76.56.0/21 ip4:216.146.32.0/20 ip4:80.231.25.0/24 ip4:80.231.219.0/24 ip4:91.198.22.0/24 ip4:103.11.200.0/22 ip4:199.19.0.0/21 ip4:203.62.195.0/24" " ip4:204.13.248.0/22 ip4:208.78.68.0/22 ip4:162.88.36.0/23 ip4:162.88.4.0/23 ip4:129.121.0.0/16 ip4:152.160.0.0/16 ip4:64.247.0.0/16 ip4:65.75.0.0/16 ip4:78.157.218.0/24 ip4:74.63.245.96/28" " ip4:75.103.73.84/32 ip4:63.236.100.0/24 ip4:66.77.16.0/24 ip4:74.202.227.32/27 ip4:216.27.93.0/25 ip4:216.27.84.64/27 ip4:66.192.165.128/28 ip4:66.162.193.224/28 ip4:64.132.109.48/28 ip4:216.27.86.128/26" " ip4:207.254.213.192/26 ip4:69.166.133.128/29 ip4:69.166.133.224/29 ip4:69.166.133.232/29 ip4:27.126.146.0/24 ip4:103.28.42.0/24 ip4:146.88.28.0/24 ip4:163.47.180.0/22 ip4:203.55.21.0/24" " ip4:204.75.142.0/24 ip4:205.251.197.177/32 ip4:205.251.198.147/32 ip4:205.251.193.123/32 ip4:205.251.194.80/32 ip4:204.64.160.89/32" " include:_spf.google.com include:amazonses.com include:spf.protection.outlook.com -all"
texasagriculture.gov. 3599 IN SOA ns.tda.state.tx.us. hostmaster.tda.state.tx.us. 2019102300 900 3600 2592000 3600
texasagriculture.gov. 3599 IN NS ns5.capnet.state.tx.us.
texasagriculture.gov. 3599 IN NS ns.tda.state.tx.us.
texasagriculture.gov. 3599 IN MX 0 texasagriculture-gov.mail.protection.outlook.com.
texasagriculture.gov. 3599 IN A 184.72.111.210




S U B N E T C A L C U L A T I O N
====================================

Address = 184.72.111.210
Network = 184.72.111.210 / 32
Netmask = 255.255.255.255
Broadcast = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits = 0
Max. Hosts = 1 (2^0 - 0)
Host Range = { 184.72.111.210 - 184.72.111.210 }



N M A P P O R T S C A N
============================

Starting Nmap 7.70 ( https://nmap.org ) at 2020-01-08 03:28 UTC
Nmap scan report for texasagriculture.gov (184.72.111.210)
Host is up (0.0076s latency).
rDNS record for 184.72.111.210: ec2-184-72-111-210.compute-1.amazonaws.com

PORT STATE SERVICE
21/tcp filtered ftp
22/tcp filtered ssh
23/tcp filtered telnet
80/tcp open http
110/tcp filtered pop3
143/tcp filtered imap
443/tcp open https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 1.42 seconds



S U B - D O M A I N F I N D E R
==================================


[i] Total Subdomains Found : 20

######################################################################################################################################
[+] Starting At 2020-01-07 22:28:28.575567
[+] Collecting Information On: https://texasagriculture.gov/
[#] Status: 200
--------------------------------------------------
[#] Web Server Detected: Microsoft-IIS/10.0
- Cache-Control: private
- Content-Type: text/html; charset=utf-8
- Server: Microsoft-IIS/10.0
- Set-Cookie: .ASPXANONYMOUS=LO59h2X81QEkAAAANWQ5NWI3OTUtNzMzNC00YTE2LWJkMTgtNTcxNTQ5OTliOWQ10; expires=Tue, 17-Mar-2020 14:08:27 GMT; path=/; HttpOnly, ASP.NET_SessionId=jzl0h1cnrjqqctjp5cgdm1ma; path=/; HttpOnly, .ASPXANONYMOUS=LO59h2X81QEkAAAANWQ5NWI3OTUtNzMzNC00YTE2LWJkMTgtNTcxNTQ5OTliOWQ10; expires=Tue, 17-Mar-2020 14:08:27 GMT; path=/; HttpOnly, ASP.NET_SessionId=jzl0h1cnrjqqctjp5cgdm1ma; path=/; HttpOnly, language=en-US; path=/; HttpOnly
- X-Frame-Options: SAMEORIGIN
- Date: Wed, 08 Jan 2020 03:28:26 GMT
- Content-Length: 110682
--------------------------------------------------
[#] Finding Location..!
[#] status: success
[#] country: United States
[#] countryCode: US
[#] region: VA
[#] regionName: Virginia
[#] city: Ashburn
[#] zip: 20149
[#] lat: 39.0438
[#] lon: -77.4874
[#] timezone: America/New_York
[#] isp: Amazon.com, Inc.
[#] org: AWS EC2 (us-east-1)
[#] as: AS14618 Amazon.com, Inc.
[#] query: 184.72.111.210
--------------------------------------------------
[x] Didn't Detect WAF Presence on: https://texasagriculture.gov/
--------------------------------------------------
[#] Starting Reverse DNS
[-] Failed ! Fail
--------------------------------------------------
[!] Scanning Open Port
[#] 80/tcp open http
[#] 443/tcp open https
--------------------------------------------------
[+] Getting SSL Info
{'OCSP': ('http://ocsp.entrust.net',),
 'caIssuers': ('http://aia.entrust.net/l1k-chain256.cer',),
 'crlDistributionPoints': ('http://crl.entrust.net/level1k.crl',),
 'issuer': ((('countryName', 'US'),),
 (('organizationName', 'Entrust, Inc.'),),
 (('organizationalUnitName', 'See www.entrust.net/legal-terms'),),
 (('organizationalUnitName',
 '(c) 2012 Entrust, Inc. - for authorized use only'),),
 (('commonName', 'Entrust Certification Authority - L1K'),)),
 'notAfter': 'Apr 21 22:18:07 2021 GMT',
 'notBefore': 'Apr 22 21:48:07 2019 GMT',
 'serialNumber': '9263BE416E34DCB40000000050F0A020',
 'subject': ((('countryName', 'US'),),
 (('stateOrProvinceName', 'Texas'),),
 (('localityName', 'Austin'),),
 (('organizationName', 'Texas Department of Agriculture'),),
 (('commonName', '*.texasagriculture.gov'),)),
 'subjectAltName': (('DNS', '*.texasagriculture.gov'),
 ('DNS', 'texasagriculture.gov')),
 'version': 3}
--------------------------------------------------
[+] Collecting Information Disclosure!
[#] Detecting sitemap.xml file
[-] sitemap.xml file not Found!?
[#] Detecting robots.txt file
[-] robots.txt file not Found!?
[#] Detecting GNU Mailman
[-] GNU Mailman App Not Detected!?
--------------------------------------------------
[+] Crawling Url Parameter On: https://texasagriculture.gov/
--------------------------------------------------
[#] Searching Html Form !
[+] Html Form Discovered
[#] action: /
[#] class: None
[#] id: Form
[#] method: post
--------------------------------------------------
[!] Found 2 dom parameter
[#] https://texasagriculture.gov//javascript:__doPostBack('dnn$ctr498$ViewAllNews$moreLink','')
[#] https://texasagriculture.gov//javascript:__doPostBack('dnn$dnnSearch$cmdSearch','')
--------------------------------------------------
[!] 4 Internal Dynamic Parameter Discovered
[+] https://texasagriculture.gov///LinkClick.aspx?fileticket=PrGduxiHARA%3d&tabid=40&portalid=0&mid=401
[+] https://texasagriculture.gov///LinkClick.aspx?fileticket=JxvUZO3cno4%3d&tabid=40&portalid=0&mid=401
[+] https://texasagriculture.gov///LinkClick.aspx?link=82&tabid=40&portalid=0&mid=401
[+] https://texasagriculture.gov/Login/tabid/1397/Default.aspx?returnurl=%2f
--------------------------------------------------
[-] No external Dynamic Paramter Found!?
--------------------------------------------------
[!] 141 Internal links Discovered
--------------------------------------------------
[!] 24 External links Discovered
--------------------------------------------------
[#] Mapping Subdomain..
[!] Found 21 Subdomain
--------------------------------------------------
[!] Done At 2020-01-07 22:28:51.068203
#####################################################################################################################################
[INFO] ------TARGET info------
[*] TARGET: https://texasagriculture.gov/
[*] TARGET IP: 184.72.111.210
[INFO] NO load balancer detected for texasagriculture.gov...
[*] DNS servers: ns.tda.state.tx.us.
[*] TARGET server: Microsoft-IIS/10.0
[*] CC: US
[*] Country: United States
[*] RegionCode: VA
[*] RegionName: Virginia
[*] City: Ashburn
[*] ASN: AS14618
[*] BGP_PREFIX: 184.72.96.0/19
[*] ISP: AMAZON-AES - Amazon.com, Inc., US
[INFO] SSL/HTTPS certificate detected
[*] Issuer: issuer=C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority - L1K
[*] Subject: subject=C = US, ST = Texas, L = Austin, O = Texas Department of Agriculture, CN = *.texasagriculture.gov
[INFO] DNS enumeration:
[*] intranet.texasagriculture.gov 204.64.160.19
[*] jobs.texasagriculture.gov 184.72.111.210
[*] mail.texasagriculture.gov 204.64.160.38
[INFO] Possible abuse mails are:
[*] abuse@texasagriculture.gov
[INFO] NO PAC (Proxy Auto Configuration) file FOUND
[INFO] Starting FUZZing in http://texasagriculture.gov/FUzZzZzZzZz...
[INFO] Status code Folders
[ALERT] Look in the source code. It may contain passwords
[ALERT] Content in http://texasagriculture.gov/ AND http://www.texasagriculture.gov/ is different
[INFO] MD5 for http://texasagriculture.gov/ is: 649d87071d11747f6eb59851539ce643
[INFO] MD5 for http://www.texasagriculture.gov/ is: fce36bac0c0c0316d74f5dd225b3f9fe
[INFO] http://texasagriculture.gov/ redirects to https://texasagriculture.gov/
[INFO] http://www.texasagriculture.gov/ redirects to https://www.texasagriculture.gov/
[INFO] Links found from https://texasagriculture.gov/ http://184.72.111.210/:
783[INFO] GOOGLE has Officials dslo.afdo.org › results about http://texasagriculture.gov/
784[INFO] Shodan detected the following opened ports on 184.72.111.210:
785[*] 443
786[*] 50
787[*] 80
788[INFO] ------VirusTotal SECTION------
789[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
790[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
791[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
792[INFO] ------Alexa Rank SECTION------
793[INFO] Percent of Visitors Rank in Country:
794[INFO] Percent of Search Traffic:
795[INFO] Percent of Unique Visits:
796[INFO] Total Sites Linking In:
797[*] Total Sites
798[INFO] Useful links related to texasagriculture.gov - 184.72.111.210:
812[INFO] Useful links related to AS14618 - 184.72.96.0/19:
813[*] http://www.google.com/safebrowsing/diagnostic?site=AS:14618
814[*] https://www.senderbase.org/lookup/?search_string=184.72.96.0/19
815[*] http://bgp.he.net/AS14618
816[*] https://stat.ripe.net/AS14618
817[INFO] Date: 07/01/20 | Time: 22:29:31
818[INFO] Total time: 0 minute(s) and 56 second(s)
819#####################################################################################################################################
820Trying "texasagriculture.gov"
821Trying "texasagriculture.gov"
822;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35060
823;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 2
824
825;; QUESTION SECTION:
826;texasagriculture.gov. IN ANY
827
828;; ANSWER SECTION:
829texasagriculture.gov. 3600 IN SOA ns.tda.state.tx.us. hostmaster.tda.state.tx.us. 2019102300 900 3600 2592000 3600
830texasagriculture.gov. 3600 IN A 184.72.111.210
831texasagriculture.gov. 3600 IN MX 0 texasagriculture-gov.mail.protection.outlook.com.
832texasagriculture.gov. 3600 IN TXT "v=spf1 ip4:204.64.160.38/32 ip4:141.198.3.225/32 ip4:208.76.56.0/21 ip4:216.146.32.0/20 ip4:80.231.25.0/24 ip4:80.231.219.0/24 ip4:91.198.22.0/24 ip4:103.11.200.0/22 ip4:199.19.0.0/21 ip4:203.62.195.0/24" " ip4:204.13.248.0/22 ip4:208.78.68.0/22 ip4:162.88.36.0/23 ip4:162.88.4.0/23 ip4:129.121.0.0/16 ip4:152.160.0.0/16 ip4:64.247.0.0/16 ip4:65.75.0.0/16 ip4:78.157.218.0/24 ip4:74.63.245.96/28" " ip4:75.103.73.84/32 ip4:63.236.100.0/24 ip4:66.77.16.0/24 ip4:74.202.227.32/27 ip4:216.27.93.0/25 ip4:216.27.84.64/27 ip4:66.192.165.128/28 ip4:66.162.193.224/28 ip4:64.132.109.48/28 ip4:216.27.86.128/26" " ip4:207.254.213.192/26 ip4:69.166.133.128/29 ip4:69.166.133.224/29 ip4:69.166.133.232/29 ip4:27.126.146.0/24 ip4:103.28.42.0/24 ip4:146.88.28.0/24 ip4:163.47.180.0/22 ip4:203.55.21.0/24" " ip4:204.75.142.0/24 ip4:205.251.197.177/32 ip4:205.251.198.147/32 ip4:205.251.193.123/32 ip4:205.251.194.80/32 ip4:204.64.160.89/32" " include:_spf.google.com include:amazonses.com include:spf.protection.outlook.com -all"
833texasagriculture.gov. 3600 IN NS ns.tda.state.tx.us.
834texasagriculture.gov. 3600 IN NS ns5.capnet.state.tx.us.
835
836;; ADDITIONAL SECTION:
837ns5.capnet.state.tx.us. 3407 IN A 204.67.3.2
838ns.tda.state.tx.us. 3600 IN A 204.65.10.131
839
840Received 1272 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 46 ms
841####################################################################################################################################
842; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace texasagriculture.gov any
843;; global options: +cmd
844. 85317 IN NS k.root-servers.net.
845. 85317 IN NS a.root-servers.net.
846. 85317 IN NS g.root-servers.net.
847. 85317 IN NS l.root-servers.net.
848. 85317 IN NS c.root-servers.net.
849. 85317 IN NS j.root-servers.net.
850. 85317 IN NS b.root-servers.net.
851. 85317 IN NS e.root-servers.net.
852. 85317 IN NS m.root-servers.net.
853. 85317 IN NS f.root-servers.net.
854. 85317 IN NS i.root-servers.net.
855. 85317 IN NS h.root-servers.net.
856. 85317 IN NS d.root-servers.net.
857. 85317 IN RRSIG NS 8 0 518400 20200120170000 20200107160000 33853 . D7t1mhH1txTYmEsgH9M9vkmZAL3714AsQoZCvNSyTQAPZ+Dz3OrQJH62 SfYVWre78vELCvOf98RAGnVYU+h25+co+6zhcgqYU72/0wnEk6FsvJEh ksfPmHdRceO9/uZFyA8hLipUQC0EXi+sQhn8Cnd1f59H7/SdBWL8amtS T8y0b7Nhb8bRKej/YeSnPejL4z8cFgkmWIxz7NOXRIk/7gRttq0iD4Qm C/JsgIIyvhSqQZ5EkpctdRR7aMu036FYLx54o00qcaDqUc43hf5AQG2U 9a/FXMks+OiKCFr8hwY5ciDzFxfSj+Kd0w6J6ojJGufvovRvKdWDpNHV 9Kz5Mg==
858;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 155 ms
859
860gov. 172800 IN NS b.gov-servers.net.
861gov. 172800 IN NS d.gov-servers.net.
862gov. 172800 IN NS c.gov-servers.net.
863gov. 172800 IN NS a.gov-servers.net.
864gov. 86400 IN DS 7698 8 1 6F109B46A80CEA9613DC86D5A3E065520505AAFE
865gov. 86400 IN DS 7698 8 2 6BC949E638442EAD0BDAF0935763C8D003760384FF15EBBD5CE86BB5 559561F0
866gov. 86400 IN RRSIG DS 8 1 86400 20200120170000 20200107160000 33853 . XmDNtz+k33s9s1kzv1la0Pk+eSvTvxXJvJGC+fAY2SMKTFOlZv/PCNXx PWULpXp3uRO+yONQk+uXhiZWxncM3mQDAzOm0NiZP2nU0crcSYbkEKlT 0A+eF9gBuliYHq+HIfrdIkKmO1cYAB0AhZFtpUi7WoMy6SjdM/3C+qjM qOagny8M//iVvosBSjW0EVE8wtzX2lcssAf85M93rT7BXjLWxpCzAfse sYj+AjjxmeEENnQmmgbYJcZbTiixHE/pa/OYS6z7QCuHOunibeu3Z4eO WkNXXgc9/fknvD/9z3A4BeGUllH6HKdB/dNF2yTbDfj0nDvI/kt4AKvk b5D28g==
867;; Received 675 bytes from 2001:7fe::53#53(i.root-servers.net) in 42 ms
868
869texasagriculture.gov. 86400 IN NS ns.tda.state.tx.us.
870texasagriculture.gov. 86400 IN NS ns5.capnet.state.tx.us.
8714AEMPSEPILM270AUF91EGUL5TTUF208A.gov. 86400 IN NSEC3 1 0 8 4C44934802D3 4AH2A4M6T027MDNBROORVSGEHBBKJGVL NS
8724AEMPSEPILM270AUF91EGUL5TTUF208A.gov. 86400 IN RRSIG NSEC3 8 2 86400 20200114221007 20200107221007 14320 gov. kytU3pTeimkx/yOM8zd7uPw1vf9A/FTrvCpI7mWT9LgJmOizPolD3I02 9p6xvvlS+9B5TiJncOFxl39Lz2DBu83YhI+unstwEcsa58JLUGVjwcFq OFwhF1iA6iZ+YVsszyIOmab5OApVpwAPjpT4e6Vx8AjJPEnPgh3ci2qv EPwUOKJEdzrg1/L8ynvGe0gIoC8rRMH/0pVZmew2xlgVYQ==
873;; Received 381 bytes from 81.19.194.30#53(d.gov-servers.net) in 147 ms
874
875texasagriculture.gov. 3600 IN TXT "v=spf1 ip4:204.64.160.38/32 ip4:141.198.3.225/32 ip4:208.76.56.0/21 ip4:216.146.32.0/20 ip4:80.231.25.0/24 ip4:80.231.219.0/24 ip4:91.198.22.0/24 ip4:103.11.200.0/22 ip4:199.19.0.0/21 ip4:203.62.195.0/24" " ip4:204.13.248.0/22 ip4:208.78.68.0/22 ip4:162.88.36.0/23 ip4:162.88.4.0/23 ip4:129.121.0.0/16 ip4:152.160.0.0/16 ip4:64.247.0.0/16 ip4:65.75.0.0/16 ip4:78.157.218.0/24 ip4:74.63.245.96/28" " ip4:75.103.73.84/32 ip4:63.236.100.0/24 ip4:66.77.16.0/24 ip4:74.202.227.32/27 ip4:216.27.93.0/25 ip4:216.27.84.64/27 ip4:66.192.165.128/28 ip4:66.162.193.224/28 ip4:64.132.109.48/28 ip4:216.27.86.128/26" " ip4:207.254.213.192/26 ip4:69.166.133.128/29 ip4:69.166.133.224/29 ip4:69.166.133.232/29 ip4:27.126.146.0/24 ip4:103.28.42.0/24 ip4:146.88.28.0/24 ip4:163.47.180.0/22 ip4:203.55.21.0/24" " ip4:204.75.142.0/24 ip4:205.251.197.177/32 ip4:205.251.198.147/32 ip4:205.251.193.123/32 ip4:205.251.194.80/32 ip4:204.64.160.89/32" " include:_spf.google.com include:amazonses.com include:spf.protection.outlook.com -all"
876texasagriculture.gov. 3600 IN NS ns5.capnet.state.tx.us.
877texasagriculture.gov. 3600 IN NS ns.tda.state.tx.us.
878texasagriculture.gov. 3600 IN MX 0 texasagriculture-gov.mail.protection.outlook.com.
879texasagriculture.gov. 3600 IN A 184.72.111.210
880texasagriculture.gov. 3600 IN SOA ns.tda.state.tx.us. hostmaster.tda.state.tx.us. 2019102300 900 3600 2592000 3600
881;; Received 1311 bytes from 204.67.3.2#53(ns5.capnet.state.tx.us) in 152 ms
882#####################################################################################################################################
883[*] Performing General Enumeration of Domain: texasagriculture.gov
884[-] DNSSEC is not configured for texasagriculture.gov
885[*] SOA ns.tda.state.tx.us 204.65.10.131
886[*] NS ns5.capnet.state.tx.us 204.67.3.2
887[*] NS ns.tda.state.tx.us 204.65.10.131
888[*] MX texasagriculture-gov.mail.protection.outlook.com 104.47.40.36
889[*] A texasagriculture.gov 184.72.111.210
890[*] TXT texasagriculture.gov v=spf1 ip4:204.64.160.38/32 ip4:141.198.3.225/32 ip4:208.76.56.0/21 ip4:216.146.32.0/20 ip4:80.231.25.0/24 ip4:80.231.219.0/24 ip4:91.198.22.0/24 ip4:103.11.200.0/22 ip4:199.19.0.0/21 ip4:203.62.195.0/24 ip4:204.13.248.0/22 ip4:208.78.68.0/22 ip4:162.88.36.0/23 ip4:162.88.4.0/23 ip4:129.121.0.0/16 ip4:152.160.0.0/16 ip4:64.247.0.0/16 ip4:65.75.0.0/16 ip4:78.157.218.0/24 ip4:74.63.245.96/28 ip4:75.103.73.84/32 ip4:63.236.100.0/24 ip4:66.77.16.0/24 ip4:74.202.227.32/27 ip4:216.27.93.0/25 ip4:216.27.84.64/27 ip4:66.192.165.128/28 ip4:66.162.193.224/28 ip4:64.132.109.48/28 ip4:216.27.86.128/26 ip4:207.254.213.192/26 ip4:69.166.133.128/29 ip4:69.166.133.224/29 ip4:69.166.133.232/29 ip4:27.126.146.0/24 ip4:103.28.42.0/24 ip4:146.88.28.0/24 ip4:163.47.180.0/22 ip4:203.55.21.0/24 ip4:204.75.142.0/24 ip4:205.251.197.177/32 ip4:205.251.198.147/32 ip4:205.251.193.123/32 ip4:205.251.194.80/32 ip4:204.64.160.89/32 include:_spf.google.com include:amazonses.com include:spf.protection.outlook.com -all
891[*] Enumerating SRV Records
892[*] SRV _sip._tls.texasagriculture.gov sipdir.online.lync.com 52.112.64.140 443 1
893[*] SRV _sip._tls.texasagriculture.gov sipdir.online.lync.com 2603:1037:0:c::f 443 1
894[*] SRV _sipfederationtls._tcp.texasagriculture.gov sipfed.online.lync.com 52.112.66.139 5061 1
895[*] SRV _sipfederationtls._tcp.texasagriculture.gov sipfed.online.lync.com 2603:1037::b 5061 1
896[*] SRV _autodiscover._tcp.texasagriculture.gov mail.texasagriculture.gov 204.64.160.38 443 1
897[+] 5 Records Found
898#####################################################################################################################################
899[*] Processing domain texasagriculture.gov
900[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
901[+] Getting nameservers
902204.67.3.2 - ns5.capnet.state.tx.us
903204.65.10.131 - ns.tda.state.tx.us
904[-] Zone transfer failed
905
906[+] TXT records found
907"v=spf1 ip4:204.64.160.38/32 ip4:141.198.3.225/32 ip4:208.76.56.0/21 ip4:216.146.32.0/20 ip4:80.231.25.0/24 ip4:80.231.219.0/24 ip4:91.198.22.0/24 ip4:103.11.200.0/22 ip4:199.19.0.0/21 ip4:203.62.195.0/24" " ip4:204.13.248.0/22 ip4:208.78.68.0/22 ip4:162.88.36.0/23 ip4:162.88.4.0/23 ip4:129.121.0.0/16 ip4:152.160.0.0/16 ip4:64.247.0.0/16 ip4:65.75.0.0/16 ip4:78.157.218.0/24 ip4:74.63.245.96/28" " ip4:75.103.73.84/32 ip4:63.236.100.0/24 ip4:66.77.16.0/24 ip4:74.202.227.32/27 ip4:216.27.93.0/25 ip4:216.27.84.64/27 ip4:66.192.165.128/28 ip4:66.162.193.224/28 ip4:64.132.109.48/28 ip4:216.27.86.128/26" " ip4:207.254.213.192/26 ip4:69.166.133.128/29 ip4:69.166.133.224/29 ip4:69.166.133.232/29 ip4:27.126.146.0/24 ip4:103.28.42.0/24 ip4:146.88.28.0/24 ip4:163.47.180.0/22 ip4:203.55.21.0/24" " ip4:204.75.142.0/24 ip4:205.251.197.177/32 ip4:205.251.198.147/32 ip4:205.251.193.123/32 ip4:205.251.194.80/32 ip4:204.64.160.89/32" " include:_spf.google.com include:amazonses.com include:spf.protection.outlook.com -all"
908
909[+] MX records found, added to target list
9100 texasagriculture-gov.mail.protection.outlook.com.
911
912[*] Scanning texasagriculture.gov for A records
934
935######################################################################################################################################
936 AVAILABLE PLUGINS
937 -----------------
938
939 CertificateInfoPlugin
940 CompressionPlugin
941 EarlyDataPlugin
942 OpenSslCcsInjectionPlugin
943 RobotPlugin
944 HeartbleedPlugin
945 FallbackScsvPlugin
946 SessionRenegotiationPlugin
947 SessionResumptionPlugin
948 OpenSslCipherSuitesPlugin
949 HttpHeadersPlugin
950
951
952
953 CHECKING HOST(S) AVAILABILITY
954 -----------------------------
955
956 184.72.111.210:443 => 184.72.111.210
957
958
959
960
961 SCAN RESULTS FOR 184.72.111.210:443 - 184.72.111.210
962 ----------------------------------------------------
963
964 * Certificate Information:
965 Content
966 SHA1 Fingerprint: 7ba42a900b91c5a76da0bcc974ac286f3d3af7bd
967 Common Name: *.texasagriculture.gov
968 Issuer: Entrust Certification Authority - L1K
969 Serial Number: 194585183615355180087750926363459100704
970 Not Before: 2019-04-22 21:48:07
971 Not After: 2021-04-21 22:18:07
972 Signature Algorithm: sha256
973 Public Key Algorithm: RSA
974 Key Size: 2048
975 Exponent: 65537 (0x10001)
976 DNS Subject Alternative Names: ['*.texasagriculture.gov', 'texasagriculture.gov']
977
978 Trust
979 Hostname Validation: FAILED - Certificate does NOT match 184.72.111.210
980 Android CA Store (9.0.0_r9): OK - Certificate is trusted
981 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
982 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
983 Mozilla CA Store (2019-03-14): OK - Certificate is trusted
984 Windows CA Store (2019-05-27): OK - Certificate is trusted
985 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
986 Received Chain: *.texasagriculture.gov --> Entrust Certification Authority - L1K
987 Verified Chain: *.texasagriculture.gov --> Entrust Certification Authority - L1K --> Entrust Root Certification Authority - G2
988 Received Chain Contains Anchor: OK - Anchor certificate not sent
989 Received Chain Order: OK - Order is valid
990 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
991
992 Extensions
993 OCSP Must-Staple: NOT SUPPORTED - Extension not found
994 Certificate Transparency: OK - 4 SCTs included
995
996 OCSP Stapling
997 OCSP Response Status: successful
998 Validation w/ Mozilla Store: OK - Response is trusted
999 Responder Id: C = US, O = "Entrust, Inc.", CN = Entrust Validation Authority
1000 Cert Status: good
1001 Cert Serial Number: 9263BE416E34DCB40000000050F0A020
1002 This Update: Jan 3 18:00:00 2020 GMT
1003 Next Update: Jan 10 18:00:00 2020 GMT
1004
1005 * TLSV1_1 Cipher Suites:
1006 Forward Secrecy OK - Supported
1007 RC4 OK - Not Supported
1008
1009 Preferred:
1010 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
1011 Accepted:
1012 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
1013 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
1014 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
1015 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
1016 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
1017
1018 * TLSV1 Cipher Suites:
1019 Forward Secrecy OK - Supported
1020 RC4 OK - Not Supported
1021
1022 Preferred:
1023 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits Error sending HTTP GET
1024 Accepted:
1025 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Error sending HTTP GET
1026 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Error sending HTTP GET
1027 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Error sending HTTP GET
1028 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits Error sending HTTP GET
1029 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits Error sending HTTP GET
1030
1031 * Deflate Compression:
1032 OK - Compression disabled
1033
1034 * OpenSSL CCS Injection:
1035 OK - Not vulnerable to OpenSSL CCS injection
1036
1037 * SSLV2 Cipher Suites:
1038 Server rejected all cipher suites.
1039
1040 * OpenSSL Heartbleed:
1041 OK - Not vulnerable to Heartbleed
1042
1043 * TLSV1_3 Cipher Suites:
1044 Server rejected all cipher suites.
1045
1046 * Downgrade Attacks:
1047 TLS_FALLBACK_SCSV: VULNERABLE - Signaling cipher suite not supported
1048
1049 * SSLV3 Cipher Suites:
1050 Server rejected all cipher suites.
1051
1052 * TLS 1.2 Session Resumption Support:
1053 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
1054 With TLS Tickets: NOT SUPPORTED - TLS ticket not assigned.
1055
1056 * Session Renegotiation:
1057 Client-initiated Renegotiation: OK - Rejected
1058 Secure Renegotiation: OK - Supported
1059
1060 * TLSV1_2 Cipher Suites:
1061 Forward Secrecy OK - Supported
1062 RC4 OK - Not Supported
1063
1064 Preferred:
1065 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 404 Not Found
1066 Accepted:
1067 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 404 Not Found
1068 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 404 Not Found
1069 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
1070 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 404 Not Found
1071 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 404 Not Found
1072 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
1073 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
1074 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 404 Not Found
1075 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 404 Not Found
1076 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
1077 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 404 Not Found
1078 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 404 Not Found
1079 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
1080 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 404 Not Found
1081 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 404 Not Found
1082
1083 * ROBOT Attack:
1084 OK - Not vulnerable
1085
1086
1087 SCAN COMPLETED IN 18.46 S
1088 -------------------------
1089####################################################################################################################################
1090
1091Domains still to check: 1
1092 Checking if the hostname texasagriculture.gov. given is in fact a domain...
1093
1094Analyzing domain: texasagriculture.gov.
1095 Checking NameServers using system default resolver...
1096 IP: 204.67.3.2 (United States)
1097 HostName: ns5.capnet.state.tx.us Type: NS
1098 HostName: ns5.capnet.state.tx.us Type: PTR
1099 IP: 204.65.10.131 (United States)
1100 HostName: ns.tda.state.tx.us Type: NS
1101 HostName: ns.agr.state.tx.us Type: PTR
1102
1103 Checking MailServers using system default resolver...
1104 IP: 104.47.41.36 (United States)
1105 HostName: texasagriculture-gov.mail.protection.outlook.com Type: MX
1106 HostName: mail-dm3nam030036.inbound.protection.outlook.com Type: PTR
1107
1108 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
1109 No zone transfer found on nameserver 204.65.10.131
1110 No zone transfer found on nameserver 204.67.3.2
1111
1112 Checking SPF record...
1152 New IP found: 74.63.245.96
1153 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 75.103.73.84/32, but only the network IP
1154 New IP found: 75.103.73.84
1155 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 63.236.100.0/24, but only the network IP
1156 New IP found: 63.236.100.0
1157 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 66.77.16.0/24, but only the network IP
1158 New IP found: 66.77.16.0
1159 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 74.202.227.32/27, but only the network IP
1160 New IP found: 74.202.227.32
1161 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 216.27.93.0/25, but only the network IP
1162 New IP found: 216.27.93.0
1163 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 216.27.84.64/27, but only the network IP
1164 New IP found: 216.27.84.64
1165 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 66.192.165.128/28, but only the network IP
1166 New IP found: 66.192.165.128
1167 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 66.162.193.224/28, but only the network IP
1168 New IP found: 66.162.193.224
1169 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 64.132.109.48/28, but only the network IP
1170 New IP found: 64.132.109.48
1171 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 216.27.86.128/26", but only the network IP
1172 New IP found: 216.27.86.128
1173 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 207.254.213.192/26, but only the network IP
1174 New IP found: 207.254.213.192
1175 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 69.166.133.128/29, but only the network IP
1176 New IP found: 69.166.133.128
1177 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 69.166.133.224/29, but only the network IP
1178 New IP found: 69.166.133.224
1179 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 69.166.133.232/29, but only the network IP
1180 New IP found: 69.166.133.232
1181 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 27.126.146.0/24, but only the network IP
1182 New IP found: 27.126.146.0
1183 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 103.28.42.0/24, but only the network IP
1184 New IP found: 103.28.42.0
1185 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 146.88.28.0/24, but only the network IP
1186 New IP found: 146.88.28.0
1187 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 163.47.180.0/22, but only the network IP
1188 New IP found: 163.47.180.0
1189 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 203.55.21.0/24", but only the network IP
1190 New IP found: 203.55.21.0
1191 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 204.75.142.0/24, but only the network IP
1192 New IP found: 204.75.142.0
1193 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 205.251.197.177/32, but only the network IP
1194 New IP found: 205.251.197.177
1195 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 205.251.198.147/32, but only the network IP
1196 New IP found: 205.251.198.147
1197 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 205.251.193.123/32, but only the network IP
1198 New IP found: 205.251.193.123
1199 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 205.251.194.80/32, but only the network IP
1200 New IP found: 205.251.194.80
1201 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 204.64.160.89/32", but only the network IP
1202 New IP found: 204.64.160.89
1203
1204 Checking SPF record...
1205
1206 Checking SPF record...
1229
1230 Checking SPF record...
1231 There are no IPv4 addresses in the SPF. Maybe IPv6.
1237
1238 Checking SPF record...
1259
1260 Checking SPF record...
1279
1280 Checking SPF record...
1289 There are no IPv4 addresses in the SPF. Maybe IPv6.
1291
1292 Checking 192 most common hostnames using system default resolver...
1293 IP: 184.72.111.210 (United States)
1294 HostName: www.texasagriculture.gov. Type: A
1295 IP: 204.64.160.38 (United States)
1296 Type: SPF
1297 HostName: mail.texasagriculture.gov. Type: A
1298 HostName: mail.texasagriculture.gov Type: PTR
1299 IP: 204.65.10.131 (United States)
1300 HostName: ns.tda.state.tx.us Type: NS
1301 HostName: ns.agr.state.tx.us Type: PTR
1302 HostName: ns.texasagriculture.gov. Type: A
1303
1304 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
1385
1386 Searching for texasagriculture.gov. emails in Google
1395
1396 Checking 83 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
1480
1481 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
1482 Scanning ip 52.100.0.0 ():
1483 Scanning ip 208.78.68.0 ():
1484 Scanning ip 141.198.3.225 ():
1485 80/tcp open http syn-ack ttl 50 Apache httpd 2.4.41 ((FreeBSD) mod_python/3.5.0 Python/2.7.16)
1486 Running (JUST GUESSING): FreeBSD 11.X|12.X|8.X (94%), Linux 4.X (85%), OpenBSD 4.X (85%)
1487 Scanning ip 216.58.192.0 ():
1488 80/tcp open http syn-ack ttl 108 gws
1521 |_http-favicon: Google
1522 | http-methods:
1523 |_ Supported Methods: GET HEAD
1524 | http-robots.txt: 217 disallowed entries (15 shown)
1525 | /search /sdch /groups /index.html? /? /?hl=*&
1526 |_/?hl=*&*&gws_rd=ssl /imgres /u/ /preferences /setprefs /default /m? /m/ /wml?
1527 |_http-server-header: gws
1528 |_http-title: Did not follow redirect to http://www.google.com/
1529 443/tcp open ssl/https syn-ack ttl 111 gws
1564 |_http-favicon: Google
1565 | http-methods:
1566 |_ Supported Methods: GET HEAD
1567 | http-robots.txt: 217 disallowed entries (15 shown)
1568 | /search /sdch /groups /index.html? /? /?hl=*&
1569 |_/?hl=*&*&gws_rd=ssl /imgres /u/ /preferences /setprefs /default /m? /m/ /wml?
1570 |_http-server-header: gws
1571 |_http-title: Did not follow redirect to http://www.google.com/
1572 | ssl-cert: Subject: commonName=invalid2.invalid
1573 | Issuer: commonName=invalid2.invalid
1574 | Public Key type: rsa
1575 | Public Key bits: 2048
1576 | Signature Algorithm: sha256WithRSAEncryption
1577 | Not valid before: 2015-01-01T00:00:00
1578 | Not valid after: 2030-01-01T00:00:00
1579 | MD5: 904a c8d5 445a d06a 8a10 ffcd 8b11 be16
1580 |_SHA-1: 4259 517c d4e4 8a28 9d33 2ab3 f0ab 52a3 6632 2824
1581 |_ssl-date: 2020-01-08T03:46:03+00:00; -2s from scanner time.
1582 | tls-alpn:
1583 | grpc-exp
1584 | h2
1585 |_ http/1.1
1586 | tls-nextprotoneg:
1587 | grpc-exp
1588 | h2
1589 |_ http/1.1
1590 Scanning ip 204.65.10.131 (ns.texasagriculture.gov.):
1599 Scanning ip 104.47.41.36 (mail-dm3nam030036.inbound.protection.outlook.com (PTR)):
1606 Scanning ip 204.67.3.2 (ns5.capnet.state.tx.us (PTR)):
1615 Scanning ip 205.251.198.147 ():
1616 53/tcp open tcpwrapped syn-ack ttl 244
1617 Device type: storage-misc|PBX
1618 Scanning ip 74.125.0.0 ():
1619 Scanning ip 130.211.0.0 ():
1620 Scanning ip 204.64.160.38 (mail.texasagriculture.gov (PTR)):
1626 Scanning ip 205.251.197.177 ():
1627 53/tcp open tcpwrapped syn-ack ttl 245
1628 Scanning ip 205.251.194.80 ():
1629 53/tcp open tcpwrapped syn-ack ttl 244
1630 Device type: storage-misc|PBX
1631 Scanning ip 54.240.0.0 ():
1632 80/tcp open http syn-ack ttl 233 Apache httpd
1633 | http-methods:
1634 |_ Supported Methods: POST OPTIONS GET HEAD
1635 |_http-server-header: Apache
1636 |_http-title: 404 Not Found
1637 Scanning ip 216.239.32.0 ():
1638 Scanning ip 63.236.100.0 ():
1639 Scanning ip 172.217.160.0 ():
1640 80/tcp open http syn-ack ttl 122 gws
1673 |_http-favicon: Google
1674 | http-methods:
1675 |_ Supported Methods: GET HEAD
1676 | http-robots.txt: 217 disallowed entries (15 shown)
1677 | /search /sdch /groups /index.html? /? /?hl=*&
1678 |_/?hl=*&*&gws_rd=ssl /imgres /u/ /preferences /setprefs /default /m? /m/ /wml?
1679 |_http-server-header: gws
1680 |_http-title: Did not follow redirect to http://www.google.com/
1681 443/tcp open ssl/https syn-ack ttl 122 gws
1682 | fingerprint-strings:
1683 | GetRequest:
1684 | HTTP/1.0 200 OK
1685 | Date: Wed, 08 Jan 2020 03:52:08 GMT
1686 | Expires: -1
1687 | Cache-Control: private, max-age=0
1688 | Content-Type: text/html; charset=ISO-8859-1
1689 | P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
1690 | Server: gws
1691 | X-XSS-Protection: 0
1692 | X-Frame-Options: SAMEORIGIN
1693 | Set-Cookie: 1P_JAR=2020-01-08-03; expires=Fri, 07-Feb-2020 03:52:08 GMT; path=/; domain=.google.com; Secure
1694 | Set-Cookie: NID=195=dP2o8tIexBTorlO21eG5sWCPM6bZ0X_Qwt85DX29hE4DJ63OSmT8oBE_x376_x4MNt5bD_98TEY72oyTBRGCIVP5JsS4MdoBvCz4yuTns3fzgY9fLPKl9cyDln1NH3BeINrn1OYZBDw95WoAjuO3wvFEhEA3hfkI19A_-vw7nKw; expires=Thu, 09-Jul-2020 03:52:08 GMT; path=/; domain=.google.com; HttpOnly
1695 | Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
1696 | Accept-Ranges: none
1697 | Vary: Accept-Encoding
1698 | <!doctype html><
1699 | HTTPOptions:
1700 | HTTP/1.0 405 Method Not Allowed
1701 | Allow: GET, HEAD
1702 | Date: Wed, 08 Jan 2020 03:52:09 GMT
1703 | Content-Type: text/html; charset=UTF-8
1704 | Server: gws
1705 | Content-Length: 1592
1706 | X-XSS-Protection: 0
1707 | X-Frame-Options: SAMEORIGIN
1708 | Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
1709 | <!DOCTYPE html>
1710 | <html lang=en>
1711 | <meta charset=utf-8>
1712 | <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
1713 | <title>Error 405 (Method Not Allowed)!!1</title>
1714 | <style>
1715 |_ *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11p
1716 |_http-favicon: Google
1717 | http-methods:
1718 |_ Supported Methods: GET HEAD
1719 | http-robots.txt: 217 disallowed entries (15 shown)
1720 | /search /sdch /groups /index.html? /? /?hl=*&
1721 |_/?hl=*&*&gws_rd=ssl /imgres /u/ /preferences /setprefs /default /m? /m/ /wml?
1722 |_http-server-header: gws
1723 |_http-title: Did not follow redirect to http://www.google.com/
1724 | ssl-cert: Subject: commonName=invalid2.invalid
1725 | Issuer: commonName=invalid2.invalid
1726 | Public Key type: rsa
1727 | Public Key bits: 2048
1728 | Signature Algorithm: sha256WithRSAEncryption
1729 | Not valid before: 2015-01-01T00:00:00
1730 | Not valid after: 2030-01-01T00:00:00
1731 | MD5: 904a c8d5 445a d06a 8a10 ffcd 8b11 be16
1732 |_SHA-1: 4259 517c d4e4 8a28 9d33 2ab3 f0ab 52a3 6632 2824
1733 |_ssl-date: 2020-01-08T03:53:47+00:00; -2s from scanner time.
1734 | tls-alpn:
1735 | grpc-exp
1736 | h2
1737 |_ http/1.1
1738 | tls-nextprotoneg:
1739 | grpc-exp
1740 | h2
1741 |_ http/1.1
1742 Scanning ip 64.132.109.48 ():
1743 Scanning ip 184.72.111.210 (www.texasagriculture.gov.):
1744 80/tcp open http syn-ack ttl 114 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
1745 |_http-server-header: Microsoft-HTTPAPI/2.0
1746 |_http-title: Not Found
1747 443/tcp open ssl/http syn-ack ttl 114 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
1748 |_http-server-header: Microsoft-HTTPAPI/2.0
1749 |_http-title: Not Found
1750 | ssl-cert: Subject: commonName=*.texasagriculture.gov/organizationName=Texas Department of Agriculture/stateOrProvinceName=Texas/countryName=US
1751 | Subject Alternative Name: DNS:*.texasagriculture.gov, DNS:texasagriculture.gov
1752 | Issuer: commonName=Entrust Certification Authority - L1K/organizationName=Entrust, Inc./countryName=US
1753 | Public Key type: rsa
1754 | Public Key bits: 2048
1755 | Signature Algorithm: sha256WithRSAEncryption
1756 | Not valid before: 2019-04-22T21:48:07
1757 | Not valid after: 2021-04-21T22:18:07
1758 | MD5: dffa 35da 958f 148e 94e2 1fdd 5cae 1bb9
1759 |_SHA-1: 7ba4 2a90 0b91 c5a7 6da0 bcc9 74ac 286f 3d3a f7bd
1760 |_ssl-date: 2020-01-08T03:54:22+00:00; -3s from scanner time.
1761 | tls-alpn:
1762 |_ http/1.1
1763 OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1764 |_clock-skew: -3s
1782 Scanning ip 172.217.0.0 ():
1783 80/tcp open http syn-ack ttl 122 gws
1784 | fingerprint-strings:
1785 | GetRequest:
1786 | HTTP/1.0 200 OK
1787 | Date: Wed, 08 Jan 2020 03:56:33 GMT
1788 | Expires: -1
1789 | Cache-Control: private, max-age=0
1790 | Content-Type: text/html; charset=ISO-8859-1
1791 | P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
1792 | Server: gws
1793 | X-XSS-Protection: 0
1794 | X-Frame-Options: SAMEORIGIN
1795 | Set-Cookie: 1P_JAR=2020-01-08-03; expires=Fri, 07-Feb-2020 03:56:33 GMT; path=/; domain=.google.com; Secure
1796 | Set-Cookie: NID=195=gO9zfBJ9HYVA_giJWRPWzRRJdFv3IWsP19oSALtoGcgAKmh7Dm_ZuqdG3c6T9b0tfdmXLHy6ZZxcIzfFy-kYMo9wX6_4tzyL7CW9nSZoq_WjYIxWtFJA6LcH-eto3e5uGr9e8J6EwGKsuoaUiZZeOi-Utofy_7EyhcnEd7WW_zg; expires=Thu, 09-Jul-2020 03:56:33 GMT; path=/; domain=.google.com; HttpOnly
1797 | Accept-Ranges: none
1798 | Vary: Accept-Encoding
1799 | <!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en-CA"><head><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg
1800 | HTTPOptions:
1801 | HTTP/1.0 405 Method Not Allowed
1802 | Allow: GET, HEAD
1803 | Date: Wed, 08 Jan 2020 03:56:33 GMT
1804 | Content-Type: text/html; charset=UTF-8
1805 | Server: gws
1806 | Content-Length: 1592
1807 | X-XSS-Protection: 0
1808 | X-Frame-Options: SAMEORIGIN
1809 | <!DOCTYPE html>
1810 | <html lang=en>
1811 | <meta charset=utf-8>
1812 | <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
1813 | <title>Error 405 (Method Not Allowed)!!1</title>
1814 | <style>
1815 |_ *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#l
1816 |_http-favicon: Google
1817 | http-methods:
1818 |_ Supported Methods: GET HEAD
1819 | http-robots.txt: 217 disallowed entries (15 shown)
1820 | /search /sdch /groups /index.html? /? /?hl=*&
1821 |_/?hl=*&*&gws_rd=ssl /imgres /u/ /preferences /setprefs /default /m? /m/ /wml?
1822 |_http-server-header: gws
1823 |_http-title: Did not follow redirect to http://www.google.com/
1824 443/tcp open ssl/https syn-ack ttl 122 gws
1825 | fingerprint-strings:
1826 | GetRequest:
1827 | HTTP/1.0 200 OK
1828 | Date: Wed, 08 Jan 2020 03:56:39 GMT
1829 | Expires: -1
1830 | Cache-Control: private, max-age=0
1831 | Content-Type: text/html; charset=ISO-8859-1
1832 | P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
1833 | Server: gws
1834 | X-XSS-Protection: 0
1835 | X-Frame-Options: SAMEORIGIN
1836 | Set-Cookie: 1P_JAR=2020-01-08-03; expires=Fri, 07-Feb-2020 03:56:39 GMT; path=/; domain=.google.com; Secure
1837 | Set-Cookie: NID=195=Wxd7Wt41awsMJsuss4HsqIW2xHQx_FHrXFklWCA8DVDqWD244c-1Ay_muXgA9IEvWrMkFBittGmuLKqMuUQadOwnZ0CBf1dscnmUMveYL3dP6wm7RQ7xgurs0rgQ82lIhYoeoClWiGl5yiGaqBpjXc9fk9RPSGZTiVMy_i_ZhwM; expires=Thu, 09-Jul-2020 03:56:39 GMT; path=/; domain=.google.com; HttpOnly
1838 | Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
1839 | Accept-Ranges: none
1840 | Vary: Accept-Encoding
1841 | <!doctype html><
1842 | HTTPOptions:
1843 | HTTP/1.0 405 Method Not Allowed
1844 | Allow: GET, HEAD
1845 | Date: Wed, 08 Jan 2020 03:56:39 GMT
1846 | Content-Type: text/html; charset=UTF-8
1847 | Server: gws
1848 | Content-Length: 1592
1849 | X-XSS-Protection: 0
1850 | X-Frame-Options: SAMEORIGIN
1851 | Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
1852 | <!DOCTYPE html>
1853 | <html lang=en>
1854 | <meta charset=utf-8>
1855 | <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
1856 | <title>Error 405 (Method Not Allowed)!!1</title>
1857 | <style>
1858 |_ *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11p
1859 |_http-favicon: Google
1860 | http-methods:
1861 |_ Supported Methods: GET HEAD
1862 | http-robots.txt: 217 disallowed entries (15 shown)
1863 | /search /sdch /groups /index.html? /? /?hl=*&
1864 |_/?hl=*&*&gws_rd=ssl /imgres /u/ /preferences /setprefs /default /m? /m/ /wml?
1865 |_http-server-header: gws
1866 |_http-title: Did not follow redirect to http://www.google.com/
1867 | ssl-cert: Subject: commonName=invalid2.invalid
1868 | Issuer: commonName=invalid2.invalid
1869 | Public Key type: rsa
1870 | Public Key bits: 2048
1871 | Signature Algorithm: sha256WithRSAEncryption
1872 | Not valid before: 2015-01-01T00:00:00
1873 | Not valid after: 2030-01-01T00:00:00
1874 | MD5: 904a c8d5 445a d06a 8a10 ffcd 8b11 be16
1875 |_SHA-1: 4259 517c d4e4 8a28 9d33 2ab3 f0ab 52a3 6632 2824
1876 |_ssl-date: 2020-01-08T03:57:49+00:00; -3s from scanner time.
1877 | tls-alpn:
1878 | grpc-exp
1879 | h2
1880 |_ http/1.1
1881 | tls-nextprotoneg:
1882 | grpc-exp
1883 | h2
1884 |_ http/1.1
1885 Scanning ip 205.251.193.123 ():
1886 53/tcp open tcpwrapped syn-ack ttl 240
1905 WebCrawling domain's web servers... up to 50 max links.
1906
1907 + URL to crawl: http://www.texasagriculture.gov.
1908 + Date: 2020-01-07
1909
1910 + Crawling URL: http://www.texasagriculture.gov.:
1911 + Links:
1912 + Crawling http://www.texasagriculture.gov. (400 Bad Request)
1913 + Searching for directories...
1914 + Searching open folders...
1915
1916
1917 + URL to crawl: https://www.texasagriculture.gov.
1918 + Date: 2020-01-07
1919
1920 + Crawling URL: https://www.texasagriculture.gov.:
1921 + Links:
1922 + Crawling https://www.texasagriculture.gov.
1923 + Searching for directories...
1924 + Searching open folders...
1925
1926--Finished--
1927Summary information for domain texasagriculture.gov.
1928-----------------------------------------
1929 Domain Specific Information:
1930 Email: wyatt@texasagriculture.gov
1931 Email: MWBE@texasagriculture.gov;
1932 Email: squaremeals@texasagriculture.gov
1933 Email: ruralhealth@texasagriculture.gov
1934 Email: jason.fearneyhough@texasagriculture.gov.
1935 Email: ilissa.nolan@texasagriculture.gov
1936 Email: Jason.Fearneyhough@texasagriculture.gov,
1937 Email: awinash.bhatkar@texasagriculture.gov.
1938
1939 Domain Ips Information:
1940 IP: 52.100.0.0
1941 Type: SPF
1942 Is Active: True (reset ttl 64)
1943 IP: 208.78.68.0
1944 Type: SPF
1945 Is Active: True (reset ttl 64)
1946 IP: 141.198.3.225
1947 Type: SPF
1948 Is Active: True (reset ttl 64)
1949 Port: 80/tcp open http syn-ack ttl 50 Apache httpd 2.4.41 ((FreeBSD) mod_python/3.5.0 Python/2.7.16)
1950 Script Info: Running (JUST GUESSING): FreeBSD 11.X|12.X|8.X (94%), Linux 4.X (85%), OpenBSD 4.X (85%)
1951 IP: 216.58.192.0
1952 Type: SPF
1953 Is Active: True (reset ttl 64)
1954 Port: 80/tcp open http syn-ack ttl 108 gws
1955 Script Info: | fingerprint-strings:
1956 Script Info: | GetRequest:
1957 Script Info: | HTTP/1.0 200 OK
1958 Script Info: | Date: Wed, 08 Jan 2020 03:44:46 GMT
1959 Script Info: | Expires: -1
1960 Script Info: | Cache-Control: private, max-age=0
1961 Script Info: | Content-Type: text/html; charset=ISO-8859-1
1962 Script Info: | P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
1963 Script Info: | Server: gws
1964 Script Info: | X-XSS-Protection: 0
1965 Script Info: | X-Frame-Options: SAMEORIGIN
1966 Script Info: | Set-Cookie: 1P_JAR=2020-01-08-03; expires=Fri, 07-Feb-2020 03:44:46 GMT; path=/; domain=.google.com; Secure
1967 Script Info: | Set-Cookie: NID=195=gE7R9SUDY24FaBSdyfQqXSvKCWqzM66tvRIaApGpqC2_yDFx8dtfG3n0rsb_Wq44it2BE7cvpoq49KTxlEtjxgxJ-HfM7_Lq5msDjfp1UBXuRimkcHIw-xIEkahv_WBe7sXs03qzTONSd6NlbQ1bpt7hYY4lWmTHtU6gXQvDlsA; expires=Thu, 09-Jul-2020 03:44:46 GMT; path=/; domain=.google.com; HttpOnly
1968 Script Info: | Accept-Ranges: none
1969 Script Info: | Vary: Accept-Encoding
1970 Script Info: | <!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en-CA"><head><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg
1971 Script Info: | HTTPOptions:
1972 Script Info: | HTTP/1.0 405 Method Not Allowed
1973 Script Info: | Allow: GET, HEAD
1974 Script Info: | Date: Wed, 08 Jan 2020 03:44:46 GMT
1975 Script Info: | Content-Type: text/html; charset=UTF-8
1976 Script Info: | Server: gws
1977 Script Info: | Content-Length: 1592
1978 Script Info: | X-XSS-Protection: 0
1979 Script Info: | X-Frame-Options: SAMEORIGIN
1980 Script Info: | <!DOCTYPE html>
1981 Script Info: | <html lang=en>
1982 Script Info: | <meta charset=utf-8>
1983 Script Info: | <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
1984 Script Info: | <title>Error 405 (Method Not Allowed)!!1</title>
1985 Script Info: | <style>
1986 Script Info: |_ *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#l
1987 Script Info: |_http-favicon: Google
1988 Script Info: | http-methods:
1989 Script Info: |_ Supported Methods: GET HEAD
1990 Script Info: | http-robots.txt: 217 disallowed entries (15 shown)
1991 Script Info: | /search /sdch /groups /index.html? /? /?hl=*&
1992 Script Info: |_/?hl=*&*&gws_rd=ssl /imgres /u/ /preferences /setprefs /default /m? /m/ /wml?
1993 Script Info: |_http-server-header: gws
1994 Script Info: |_http-title: Did not follow redirect to http://www.google.com/
1995 Port: 443/tcp open ssl/https syn-ack ttl 111 gws
1996 Script Info: | fingerprint-strings:
1997 Script Info: | GetRequest:
1998 Script Info: | HTTP/1.0 200 OK
1999 Script Info: | Date: Wed, 08 Jan 2020 03:44:53 GMT
2000 Script Info: | Expires: -1
2001 Script Info: | Cache-Control: private, max-age=0
2002 Script Info: | Content-Type: text/html; charset=ISO-8859-1
2003 Script Info: | P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
2004 Script Info: | Server: gws
2005 Script Info: | X-XSS-Protection: 0
2006 Script Info: | X-Frame-Options: SAMEORIGIN
2007 Script Info: | Set-Cookie: 1P_JAR=2020-01-08-03; expires=Fri, 07-Feb-2020 03:44:53 GMT; path=/; domain=.google.com; Secure
2008 Script Info: | Set-Cookie: NID=195=n1vB9AxlWOk2UpBFLvuFKiUAPago3OhmiN1YvnUDdorR6Xelr7IzlA-wcfqVFOMyC541hUsNMClF4roXXRURq0S2lxA7eYZloq24_giU-0GWg2UTTkK0oQ1cA6ngts8QWdUw1Ac1iQ47Ktj1e8bwg4KOfzTIGClp9zme5egEaZY; expires=Thu, 09-Jul-2020 03:44:53 GMT; path=/; domain=.google.com; HttpOnly
2009 Script Info: | Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
2010 Script Info: | Accept-Ranges: none
2011 Script Info: | Vary: Accept-Encoding
2012 Script Info: | <!doctype html><
2013 Script Info: | HTTPOptions:
2014 Script Info: | HTTP/1.0 405 Method Not Allowed
2015 Script Info: | Allow: GET, HEAD
2016 Script Info: | Date: Wed, 08 Jan 2020 03:44:53 GMT
2017 Script Info: | Content-Type: text/html; charset=UTF-8
2018 Script Info: | Server: gws
2019 Script Info: | Content-Length: 1592
2020 Script Info: | X-XSS-Protection: 0
2021 Script Info: | X-Frame-Options: SAMEORIGIN
2022 Script Info: | Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
2023 Script Info: | <!DOCTYPE html>
2024 Script Info: | <html lang=en>
2025 Script Info: | <meta charset=utf-8>
2026 Script Info: | <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
2027 Script Info: | <title>Error 405 (Method Not Allowed)!!1</title>
2028 Script Info: | <style>
2029 Script Info: |_ *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11p
2030 Script Info: |_http-favicon: Google
2031 Script Info: | http-methods:
2032 Script Info: |_ Supported Methods: GET HEAD
2033 Script Info: | http-robots.txt: 217 disallowed entries (15 shown)
2034 Script Info: | /search /sdch /groups /index.html? /? /?hl=*&
2035 Script Info: |_/?hl=*&*&gws_rd=ssl /imgres /u/ /preferences /setprefs /default /m? /m/ /wml?
2036 Script Info: |_http-server-header: gws
2037 Script Info: |_http-title: Did not follow redirect to http://www.google.com/
2038 Script Info: | ssl-cert: Subject: commonName=invalid2.invalid
2039 Script Info: | Issuer: commonName=invalid2.invalid
2040 Script Info: | Public Key type: rsa
2041 Script Info: | Public Key bits: 2048
2042 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2043 Script Info: | Not valid before: 2015-01-01T00:00:00
2044 Script Info: | Not valid after: 2030-01-01T00:00:00
2045 Script Info: | MD5: 904a c8d5 445a d06a 8a10 ffcd 8b11 be16
2046 Script Info: |_SHA-1: 4259 517c d4e4 8a28 9d33 2ab3 f0ab 52a3 6632 2824
2047 Script Info: |_ssl-date: 2020-01-08T03:46:03+00:00; -2s from scanner time.
2048 Script Info: | tls-alpn:
2049 Script Info: | grpc-exp
2050 Script Info: | h2
2051 Script Info: |_ http/1.1
2052 Script Info: | tls-nextprotoneg:
2053 Script Info: | grpc-exp
2054 Script Info: | h2
2055 Script Info: |_ http/1.1
2056 IP: 204.65.10.131
2057 HostName: ns.tda.state.tx.us Type: NS
2058 HostName: ns.agr.state.tx.us Type: PTR
2059 HostName: ns.texasagriculture.gov. Type: A
2060 Country: United States
2061 Is Active: True (reset ttl 64)
2086 IP: 104.47.41.36
2087 HostName: texasagriculture-gov.mail.protection.outlook.com Type: MX
2088 HostName: mail-dm3nam030036.inbound.protection.outlook.com Type: PTR
2089 Country: United States
2090 Is Active: True (reset ttl 64)
2109 IP: 204.67.3.2
2110 HostName: ns5.capnet.state.tx.us Type: NS
2111 HostName: ns5.capnet.state.tx.us Type: PTR
2112 Country: United States
2113 Is Active: True (reset ttl 64)
2138 IP: 205.251.198.147
2139 Type: SPF
2140 Is Active: True (reset ttl 64)
2141 Port: 53/tcp open tcpwrapped syn-ack ttl 244
2142 Script Info: Device type: storage-misc|PBX
2143 IP: 74.125.0.0
2144 Type: SPF
2145 Is Active: True (reset ttl 64)
2146 IP: 130.211.0.0
2147 Type: SPF
2148 Is Active: True (reset ttl 64)
2149 IP: 204.64.160.38
2150 Type: SPF
2151 HostName: mail.texasagriculture.gov. Type: A
2152 HostName: mail.texasagriculture.gov Type: PTR
2153 Country: United States
2154 Is Active: True (reset ttl 64)
2170 IP: 205.251.197.177
2171 Type: SPF
2172 Is Active: True (reset ttl 64)
2173 Port: 53/tcp open tcpwrapped syn-ack ttl 245
2174 IP: 205.251.194.80
2175 Type: SPF
2176 Is Active: True (reset ttl 64)
2177 Port: 53/tcp open tcpwrapped syn-ack ttl 244
2178 Script Info: Device type: storage-misc|PBX
2179 IP: 54.240.0.0
2180 Type: SPF
2181 Is Active: True (reset ttl 64)
2182 Port: 80/tcp open http syn-ack ttl 233 Apache httpd
2183 Script Info: | http-methods:
2184 Script Info: |_ Supported Methods: POST OPTIONS GET HEAD
2185 Script Info: |_http-server-header: Apache
2186 Script Info: |_http-title: 404 Not Found
2187 IP: 216.239.32.0
2188 Type: SPF
2189 Is Active: True (reset ttl 64)
2190 IP: 63.236.100.0
2191 Type: SPF
2192 Is Active: True (reset ttl 64)
2193 IP: 172.217.160.0
2194 Type: SPF
2195 Is Active: True (reset ttl 64)
2196 Port: 80/tcp open http syn-ack ttl 122 gws
2197 Script Info: | fingerprint-strings:
2198 Script Info: | GetRequest:
2199 Script Info: | HTTP/1.0 200 OK
2200 Script Info: | Date: Wed, 08 Jan 2020 03:52:01 GMT
2201 Script Info: | Expires: -1
2202 Script Info: | Cache-Control: private, max-age=0
2203 Script Info: | Content-Type: text/html; charset=ISO-8859-1
2204 Script Info: | P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
2205 Script Info: | Server: gws
2206 Script Info: | X-XSS-Protection: 0
2207 Script Info: | X-Frame-Options: SAMEORIGIN
2208 Script Info: | Set-Cookie: 1P_JAR=2020-01-08-03; expires=Fri, 07-Feb-2020 03:52:01 GMT; path=/; domain=.google.com; Secure
2209 Script Info: | Set-Cookie: NID=195=gjkOv_9kJzFMpQoyPR6pZQVm8P2dbhW23gR9QbhQHHP2iBGBM4sgmrnkgW02xUyzdCaQj1pF2JnhkIt-BifUKfIXe9XxHiplMqSV5X34IGA0Sk5fhZoRH9jiOOo3hIJuMbfG96eBNcP7xPp5_x-KvJnJ77sZu09kxXHDQ_cxShw; expires=Thu, 09-Jul-2020 03:52:01 GMT; path=/; domain=.google.com; HttpOnly
2210 Script Info: | Accept-Ranges: none
2211 Script Info: | Vary: Accept-Encoding
2212 Script Info: | <!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en-CA"><head><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg
2213 Script Info: | HTTPOptions:
2214 Script Info: | HTTP/1.0 405 Method Not Allowed
2215 Script Info: | Allow: GET, HEAD
2216 Script Info: | Date: Wed, 08 Jan 2020 03:52:02 GMT
2217 Script Info: | Content-Type: text/html; charset=UTF-8
2218 Script Info: | Server: gws
2219 Script Info: | Content-Length: 1592
2220 Script Info: | X-XSS-Protection: 0
2221 Script Info: | X-Frame-Options: SAMEORIGIN
2222 Script Info: | <!DOCTYPE html>
2223 Script Info: | <html lang=en>
2224 Script Info: | <meta charset=utf-8>
2225 Script Info: | <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
2226 Script Info: | <title>Error 405 (Method Not Allowed)!!1</title>
2227 Script Info: | <style>
2228 Script Info: |_ *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#l
2229 Script Info: |_http-favicon: Google
2230 Script Info: | http-methods:
2231 Script Info: |_ Supported Methods: GET HEAD
2232 Script Info: | http-robots.txt: 217 disallowed entries (15 shown)
2233 Script Info: | /search /sdch /groups /index.html? /? /?hl=*&
2234 Script Info: |_/?hl=*&*&gws_rd=ssl /imgres /u/ /preferences /setprefs /default /m? /m/ /wml?
2235 Script Info: |_http-server-header: gws
2236 Script Info: |_http-title: Did not follow redirect to http://www.google.com/
2237 Port: 443/tcp open ssl/https syn-ack ttl 122 gws
2238 Script Info: | fingerprint-strings:
2239 Script Info: | GetRequest:
2240 Script Info: | HTTP/1.0 200 OK
2241 Script Info: | Date: Wed, 08 Jan 2020 03:52:08 GMT
2242 Script Info: | Expires: -1
2243 Script Info: | Cache-Control: private, max-age=0
2244 Script Info: | Content-Type: text/html; charset=ISO-8859-1
2245 Script Info: | P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
2246 Script Info: | Server: gws
2247 Script Info: | X-XSS-Protection: 0
2248 Script Info: | X-Frame-Options: SAMEORIGIN
2249 Script Info: | Set-Cookie: 1P_JAR=2020-01-08-03; expires=Fri, 07-Feb-2020 03:52:08 GMT; path=/; domain=.google.com; Secure
2250 Script Info: | Set-Cookie: NID=195=dP2o8tIexBTorlO21eG5sWCPM6bZ0X_Qwt85DX29hE4DJ63OSmT8oBE_x376_x4MNt5bD_98TEY72oyTBRGCIVP5JsS4MdoBvCz4yuTns3fzgY9fLPKl9cyDln1NH3BeINrn1OYZBDw95WoAjuO3wvFEhEA3hfkI19A_-vw7nKw; expires=Thu, 09-Jul-2020 03:52:08 GMT; path=/; domain=.google.com; HttpOnly
2251 Script Info: | Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
2252 Script Info: | Accept-Ranges: none
2253 Script Info: | Vary: Accept-Encoding
2254 Script Info: | <!doctype html><
2255 Script Info: | HTTPOptions:
2256 Script Info: | HTTP/1.0 405 Method Not Allowed
2257 Script Info: | Allow: GET, HEAD
2258 Script Info: | Date: Wed, 08 Jan 2020 03:52:09 GMT
2259 Script Info: | Content-Type: text/html; charset=UTF-8
2260 Script Info: | Server: gws
2261 Script Info: | Content-Length: 1592
2262 Script Info: | X-XSS-Protection: 0
2263 Script Info: | X-Frame-Options: SAMEORIGIN
2264 Script Info: | Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
2265 Script Info: | <!DOCTYPE html>
2266 Script Info: | <html lang=en>
2267 Script Info: | <meta charset=utf-8>
2268 Script Info: | <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
2269 Script Info: | <title>Error 405 (Method Not Allowed)!!1</title>
2270 Script Info: | <style>
2271 Script Info: |_ *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11p
2272 Script Info: |_http-favicon: Google
2273 Script Info: | http-methods:
2274 Script Info: |_ Supported Methods: GET HEAD
2275 Script Info: | http-robots.txt: 217 disallowed entries (15 shown)
2276 Script Info: | /search /sdch /groups /index.html? /? /?hl=*&
2277 Script Info: |_/?hl=*&*&gws_rd=ssl /imgres /u/ /preferences /setprefs /default /m? /m/ /wml?
2278 Script Info: |_http-server-header: gws
2279 Script Info: |_http-title: Did not follow redirect to http://www.google.com/
2280 Script Info: | ssl-cert: Subject: commonName=invalid2.invalid
2281 Script Info: | Issuer: commonName=invalid2.invalid
2282 Script Info: | Public Key type: rsa
2283 Script Info: | Public Key bits: 2048
2284 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2285 Script Info: | Not valid before: 2015-01-01T00:00:00
2286 Script Info: | Not valid after: 2030-01-01T00:00:00
2287 Script Info: | MD5: 904a c8d5 445a d06a 8a10 ffcd 8b11 be16
2288 Script Info: |_SHA-1: 4259 517c d4e4 8a28 9d33 2ab3 f0ab 52a3 6632 2824
2289 Script Info: |_ssl-date: 2020-01-08T03:53:47+00:00; -2s from scanner time.
2290 Script Info: | tls-alpn:
2291 Script Info: | grpc-exp
2292 Script Info: | h2
2293 Script Info: |_ http/1.1
2294 Script Info: | tls-nextprotoneg:
2295 Script Info: | grpc-exp
2296 Script Info: | h2
2297 Script Info: |_ http/1.1
2298 IP: 64.132.109.48
2299 Type: SPF
2300 Is Active: True (reset ttl 64)
2301 IP: 184.72.111.210
2302 HostName: www.texasagriculture.gov. Type: A
2303 Country: United States
2304 Is Active: True (reset ttl 64)
2305 Port: 80/tcp open http syn-ack ttl 114 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
2306 Script Info: |_http-server-header: Microsoft-HTTPAPI/2.0
2307 Script Info: |_http-title: Not Found
2308 Port: 443/tcp open ssl/http syn-ack ttl 114 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
2309 Script Info: |_http-server-header: Microsoft-HTTPAPI/2.0
2310 Script Info: |_http-title: Not Found
2311 Script Info: | ssl-cert: Subject: commonName=*.texasagriculture.gov/organizationName=Texas Department of Agriculture/stateOrProvinceName=Texas/countryName=US
2312 Script Info: | Subject Alternative Name: DNS:*.texasagriculture.gov, DNS:texasagriculture.gov
2313 Script Info: | Issuer: commonName=Entrust Certification Authority - L1K/organizationName=Entrust, Inc./countryName=US
2314 Script Info: | Public Key type: rsa
2315 Script Info: | Public Key bits: 2048
2316 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2317 Script Info: | Not valid before: 2019-04-22T21:48:07
2318 Script Info: | Not valid after: 2021-04-21T22:18:07
2319 Script Info: | MD5: dffa 35da 958f 148e 94e2 1fdd 5cae 1bb9
2320 Script Info: |_SHA-1: 7ba4 2a90 0b91 c5a7 6da0 bcc9 74ac 286f 3d3a f7bd
2321 Script Info: |_ssl-date: 2020-01-08T03:54:22+00:00; -3s from scanner time.
2322 Script Info: | tls-alpn:
2323 Script Info: |_ http/1.1
2324 Os Info: OS: Windows; CPE: cpe:/o:microsoft:windows
2325 Script Info: |_clock-skew: -3s
2377 IP: 172.217.0.0
2378 Type: SPF
2379 Is Active: True (reset ttl 64)
2380 Port: 80/tcp open http syn-ack ttl 122 gws
2381 Script Info: | fingerprint-strings:
2382 Script Info: | GetRequest:
2383 Script Info: | HTTP/1.0 200 OK
2384 Script Info: | Date: Wed, 08 Jan 2020 03:56:33 GMT
2385 Script Info: | Expires: -1
2386 Script Info: | Cache-Control: private, max-age=0
2387 Script Info: | Content-Type: text/html; charset=ISO-8859-1
2388 Script Info: | P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
2389 Script Info: | Server: gws
2390 Script Info: | X-XSS-Protection: 0
2391 Script Info: | X-Frame-Options: SAMEORIGIN
2392 Script Info: | Set-Cookie: 1P_JAR=2020-01-08-03; expires=Fri, 07-Feb-2020 03:56:33 GMT; path=/; domain=.google.com; Secure
2393 Script Info: | Set-Cookie: NID=195=gO9zfBJ9HYVA_giJWRPWzRRJdFv3IWsP19oSALtoGcgAKmh7Dm_ZuqdG3c6T9b0tfdmXLHy6ZZxcIzfFy-kYMo9wX6_4tzyL7CW9nSZoq_WjYIxWtFJA6LcH-eto3e5uGr9e8J6EwGKsuoaUiZZeOi-Utofy_7EyhcnEd7WW_zg; expires=Thu, 09-Jul-2020 03:56:33 GMT; path=/; domain=.google.com; HttpOnly
2394 Script Info: | Accept-Ranges: none
2395 Script Info: | Vary: Accept-Encoding
2396 Script Info: | <!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en-CA"><head><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg
2397 Script Info: | HTTPOptions:
2398 Script Info: | HTTP/1.0 405 Method Not Allowed
2399 Script Info: | Allow: GET, HEAD
2400 Script Info: | Date: Wed, 08 Jan 2020 03:56:33 GMT
2401 Script Info: | Content-Type: text/html; charset=UTF-8
2402 Script Info: | Server: gws
2403 Script Info: | Content-Length: 1592
2404 Script Info: | X-XSS-Protection: 0
2405 Script Info: | X-Frame-Options: SAMEORIGIN
2413 Script Info: |_http-favicon: Google
2414 Script Info: | http-methods:
2415 Script Info: |_ Supported Methods: GET HEAD
2416 Script Info: | http-robots.txt: 217 disallowed entries (15 shown)
2417 Script Info: | /search /sdch /groups /index.html? /? /?hl=*&
2418 Script Info: |_/?hl=*&*&gws_rd=ssl /imgres /u/ /preferences /setprefs /default /m? /m/ /wml?
2419 Script Info: |_http-server-header: gws
2420 Script Info: |_http-title: Did not follow redirect to http://www.google.com/
2421 Port: 443/tcp open ssl/https syn-ack ttl 122 gws
2422 Script Info: | fingerprint-strings:
2423 Script Info: | GetRequest:
2424 Script Info: | HTTP/1.0 200 OK
2425 Script Info: | Date: Wed, 08 Jan 2020 03:56:39 GMT
2426 Script Info: | Expires: -1
2427 Script Info: | Cache-Control: private, max-age=0
2428 Script Info: | Content-Type: text/html; charset=ISO-8859-1
2429 Script Info: | P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
2430 Script Info: | Server: gws
2431 Script Info: | X-XSS-Protection: 0
2432 Script Info: | X-Frame-Options: SAMEORIGIN
2433 Script Info: | Set-Cookie: 1P_JAR=2020-01-08-03; expires=Fri, 07-Feb-2020 03:56:39 GMT; path=/; domain=.google.com; Secure
2434 Script Info: | Set-Cookie: NID=195=Wxd7Wt41awsMJsuss4HsqIW2xHQx_FHrXFklWCA8DVDqWD244c-1Ay_muXgA9IEvWrMkFBittGmuLKqMuUQadOwnZ0CBf1dscnmUMveYL3dP6wm7RQ7xgurs0rgQ82lIhYoeoClWiGl5yiGaqBpjXc9fk9RPSGZTiVMy_i_ZhwM; expires=Thu, 09-Jul-2020 03:56:39 GMT; path=/; domain=.google.com; HttpOnly
2435 Script Info: | Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
2436 Script Info: | Accept-Ranges: none
2437 Script Info: | Vary: Accept-Encoding
2438 Script Info: | <!doctype html><
2439 Script Info: | HTTPOptions:
2440 Script Info: | HTTP/1.0 405 Method Not Allowed
2441 Script Info: | Allow: GET, HEAD
2442 Script Info: | Date: Wed, 08 Jan 2020 03:56:39 GMT
2443 Script Info: | Content-Type: text/html; charset=UTF-8
2444 Script Info: | Server: gws
2445 Script Info: | Content-Length: 1592
2446 Script Info: | X-XSS-Protection: 0
2447 Script Info: | X-Frame-Options: SAMEORIGIN
2448 Script Info: | Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
2456 Script Info: |_http-favicon: Google
2457 Script Info: | http-methods:
2458 Script Info: |_ Supported Methods: GET HEAD
2459 Script Info: | http-robots.txt: 217 disallowed entries (15 shown)
2460 Script Info: | /search /sdch /groups /index.html? /? /?hl=*&
2461 Script Info: |_/?hl=*&*&gws_rd=ssl /imgres /u/ /preferences /setprefs /default /m? /m/ /wml?
2462 Script Info: |_http-server-header: gws
2463 Script Info: |_http-title: Did not follow redirect to http://www.google.com/
2464 Script Info: | ssl-cert: Subject: commonName=invalid2.invalid
2465 Script Info: | Issuer: commonName=invalid2.invalid
2466 Script Info: | Public Key type: rsa
2467 Script Info: | Public Key bits: 2048
2468 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2469 Script Info: | Not valid before: 2015-01-01T00:00:00
2470 Script Info: | Not valid after: 2030-01-01T00:00:00
2471 Script Info: | MD5: 904a c8d5 445a d06a 8a10 ffcd 8b11 be16
2472 Script Info: |_SHA-1: 4259 517c d4e4 8a28 9d33 2ab3 f0ab 52a3 6632 2824
2473 Script Info: |_ssl-date: 2020-01-08T03:57:49+00:00; -3s from scanner time.
2474 Script Info: | tls-alpn:
2475 Script Info: | grpc-exp
2476 Script Info: | h2
2477 Script Info: |_ http/1.1
2478 Script Info: | tls-nextprotoneg:
2479 Script Info: | grpc-exp
2480 Script Info: | h2
2481 Script Info: |_ http/1.1
2482 IP: 205.251.193.123
2483 Type: SPF
2484 Is Active: True (reset ttl 64)
2485 Port: 53/tcp open tcpwrapped syn-ack ttl 240
2540
2541--------------End Summary --------------
2542-----------------------------------------
2543#####################################################################################################################################
2544traceroute to texasagriculture.gov (184.72.111.210), 30 hops max, 60 byte packets
2545 1 10.252.204.1 (10.252.204.1) 31.485 ms 63.728 ms 81.559 ms
2546 2 104.245.145.177 (104.245.145.177) 81.546 ms 81.523 ms 81.501 ms
2547 3 104.245.147.41 (104.245.147.41) 81.478 ms 81.442 ms 81.417 ms
2548 4 amazon-a.ip4.torontointernetxchange.net (206.108.35.36) 81.401 ms 81.380 ms 81.357 ms
2549 5 52.93.3.20 (52.93.3.20) 94.965 ms 52.93.3.52 (52.93.3.52) 81.301 ms 81.280 ms
2550 6 52.93.3.129 (52.93.3.129) 81.195 ms 52.93.3.81 (52.93.3.81) 110.361 ms 52.93.3.113 (52.93.3.113) 110.039 ms
2551 7 54.239.43.14 (54.239.43.14) 124.856 ms 52.93.3.154 (52.93.3.154) 140.306 ms 54.239.44.189 (54.239.44.189) 140.187 ms
2552 8 54.239.44.77 (54.239.44.77) 124.761 ms 52.93.129.122 (52.93.129.122) 140.160 ms 54.239.43.14 (54.239.43.14) 140.139 ms
2553 9 54.239.42.73 (54.239.42.73) 140.136 ms 52.93.132.204 (52.93.132.204) 124.659 ms 54.240.229.143 (54.240.229.143) 124.605 ms
255410 * 54.240.229.145 (54.240.229.145) 124.513 ms 54.240.229.147 (54.240.229.147) 124.404 ms
255520 52.93.29.200 (52.93.29.200) 123.059 ms 52.93.29.38 (52.93.29.38) 122.969 ms 52.93.29.48 (52.93.29.48) 122.946 ms
255621 52.93.29.50 (52.93.29.50) 122.938 ms * *
2557####################################################################################################################################
2558----- texasagriculture.gov -----
2559
2560
2561Host's addresses:
2562__________________
2563
2564texasagriculture.gov. 2415 IN A 184.72.111.210
2565______________
2566
2567ns.tda.state.tx.us. 2415 IN A 204.65.10.131
2568ns5.capnet.state.tx.us. 85768 IN A 204.67.3.2
2569
2570
2571Mail (MX) Servers:
2572___________________
2573
2574texasagriculture-gov.mail.protection.outlook.com. 10 IN A 104.47.41.36
2575
2576
2577Trying Zone Transfers and getting Bind Versions:
2578_________________________________________________
2579
2580
2581Trying Zone Transfer for texasagriculture.gov on ns.tda.state.tx.us ...
2582AXFR record query failed: REFUSED
2583
2584Trying Zone Transfer for texasagriculture.gov on ns5.capnet.state.tx.us ...
2585AXFR record query failed: REFUSED
2586
2587
2588Scraping texasagriculture.gov subdomains from Google:
2589______________________________________________________
2590
2591
2592 ---- Google search page: 1 ----
2593
2594 haytransporter
2595
2596 ---- Google search page: 2 ----
2597
2598
2599 ---- Google search page: 3 ----
2600
2601 scalecomplaint
2602
2603 ---- Google search page: 4 ----
2604
2605
2606 ---- Google search page: 5 ----
2607
2608
2609
2610Google Results:
2611________________
2612
2613scalecomplaint.texasagriculture.gov. 3600 IN A 184.72.111.210
2614
2615
2616Brute forcing with /usr/share/dnsenum/dns.txt:
2617_______________________________________________
2618
2619fs.texasagriculture.gov. 3235 IN A 52.200.209.230
2620intranet.texasagriculture.gov. 2945 IN A 204.64.160.19
2621jobs.texasagriculture.gov. 2944 IN A 184.72.111.210
2622mail.texasagriculture.gov. 3210 IN A 204.64.160.38
2623ns.texasagriculture.gov. 3230 IN A 204.65.10.131
2624www.texasagriculture.gov. 2370 IN A 184.72.111.210
2625
2626
2627Launching Whois Queries:
2628_________________________
2629
2630 whois ip result: 184.72.111.0 -> 184.72.0.0/15
2631 whois ip result: 52.200.209.0 -> 52.192.0.0/11
2632 whois ip result: 204.64.160.0 -> 204.64.160.0/21
2633 whois ip result: 204.65.10.0 -> 204.65.8.0/21
2634
2635
2636texasagriculture.gov____________________
2637
2638 204.65.8.0/21
2639 184.72.0.0/15
2640 204.64.160.0/21
2641 52.192.0.0/11
2642####################################################################################################################################
2643Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-07 22:31 EST
2644Nmap scan report for ec2-184-72-111-210.compute-1.amazonaws.com (184.72.111.210)
2645Host is up (0.099s latency).
2646Not shown: 471 filtered ports, 3 closed ports
2647Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
2648PORT STATE SERVICE VERSION
264980/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
2650|_http-server-header: Microsoft-HTTPAPI/2.0
2651|_http-title: Not Found
2652443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
2653|_http-server-header: Microsoft-HTTPAPI/2.0
2654|_http-title: Not Found
2655| ssl-cert: Subject: commonName=*.texasagriculture.gov/organizationName=Texas Department of Agriculture/stateOrProvinceName=Texas/countryName=US
2656| Subject Alternative Name: DNS:*.texasagriculture.gov, DNS:texasagriculture.gov
2657| Not valid before: 2019-04-22T21:48:07
2658|_Not valid after: 2021-04-21T22:18:07
2659|_ssl-date: 2020-01-08T03:31:51+00:00; -2s from scanner time.
2660| tls-alpn:
2661|_ http/1.1
2662Device type: general purpose
2663Running (JUST GUESSING): Linux 2.6.X (90%)
2664OS CPE: cpe:/o:linux:linux_kernel:2.6
2665Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (90%)
2666No exact OS matches for host (test conditions non-ideal).
2667Network Distance: 27 hops
2668Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
2669
2670Host script results:
2671|_clock-skew: -2s
2672
2673TRACEROUTE (using port 80/tcp)
2674HOP RTT ADDRESS
26751 46.09 ms 10.252.204.1
26762 81.74 ms 104.245.145.177
26773 81.79 ms 104.245.147.41
26784 81.82 ms amazon-a.ip4.torontointernetxchange.net (206.108.35.36)
26795 81.86 ms 52.93.3.100
26806 81.86 ms 52.93.3.51
26817 81.90 ms 54.239.44.189
26828 81.96 ms 54.239.44.77
26839 81.95 ms 54.240.229.149
268410 ... 19
268520 62.30 ms 52.93.29.40
268621 ... 26
268727 144.10 ms ec2-184-72-111-210.compute-1.amazonaws.com (184.72.111.210)
2688#####################################################################################################################################
2689Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-07 22:31 EST
2690Nmap scan report for ec2-184-72-111-210.compute-1.amazonaws.com (184.72.111.210)
2691Host is up (0.085s latency).
2692Not shown: 15 filtered ports, 1 closed port
2693Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
2694PORT STATE SERVICE VERSION
269553/udp open|filtered domain
269667/udp open|filtered dhcps
269768/udp open|filtered dhcpc
269869/udp open|filtered tftp
269988/udp open|filtered kerberos-sec
2700123/udp open|filtered ntp
2701139/udp open|filtered netbios-ssn
2702161/udp open|filtered snmp
2703162/udp open|filtered snmptrap
2704389/udp open|filtered ldap
2705520/udp open|filtered route
27062049/udp open|filtered nfs
2707Too many fingerprints match this host to give specific OS details
2708
2709TRACEROUTE (using port 138/udp)
2710HOP RTT ADDRESS
27111 91.58 ms 10.252.204.1
27122 ... 4
27135 77.02 ms 10.252.204.1
27146 77.01 ms 10.252.204.1
27157 77.01 ms 10.252.204.1
27168 77.01 ms 10.252.204.1
27179 77.01 ms 10.252.204.1
271810 77.03 ms 10.252.204.1
271911 94.48 ms 10.252.204.1
272012 ... 18
272119 85.91 ms 10.252.204.1
272220 ...
272321 45.36 ms 10.252.204.1
272422 ... 27
272528 29.03 ms 10.252.204.1
272629 ...
272730 63.58 ms 10.252.204.1
2728#####################################################################################################################################
2729Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-07 22:36 EST
2730Nmap scan report for ec2-184-72-111-210.compute-1.amazonaws.com (184.72.111.210)
2731Host is up.
2732
2733PORT STATE SERVICE VERSION
273467/tcp filtered dhcps
273567/udp open|filtered dhcps
2736|_dhcp-discover: ERROR: Script execution failed (use -d to debug)
2737Too many fingerprints match this host to give specific OS details
2738
2739TRACEROUTE (using proto 1/icmp)
2740HOP RTT ADDRESS
27411 63.95 ms 10.252.204.1
27422 104.33 ms 104.245.145.177
27433 104.38 ms 104.245.147.41
27444 104.42 ms amazon-a.ip4.torontointernetxchange.net (206.108.35.36)
27455 104.44 ms 52.93.3.132
27466 104.43 ms 52.93.3.141
27477 104.49 ms 54.239.44.171
27488 104.53 ms 54.239.42.73
27499 104.53 ms 54.240.229.143
275010 ... 19
275120 62.38 ms 52.93.29.42
275221 ... 30
2753######################################################################################################################################
2754Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-07 22:38 EST
2755Nmap scan report for ec2-184-72-111-210.compute-1.amazonaws.com (184.72.111.210)
2756Host is up.
2757
2758PORT STATE SERVICE VERSION
275968/tcp filtered dhcpc
276068/udp open|filtered dhcpc
2761Too many fingerprints match this host to give specific OS details
2762
2763TRACEROUTE (using proto 1/icmp)
2764HOP RTT ADDRESS
27651 83.19 ms 10.252.204.1
27662 83.24 ms 104.245.145.177
27673 83.26 ms 104.245.147.41
27684 83.30 ms amazon-a.ip4.torontointernetxchange.net (206.108.35.36)
27695 83.33 ms 52.93.3.132
27706 83.35 ms 52.93.3.141
27717 83.39 ms 54.239.44.171
27728 83.41 ms 54.239.42.73
27739 83.39 ms 54.240.229.143
277410 ... 19
277520 64.63 ms 52.93.29.42
277621 ... 30
2777#####################################################################################################################################
2778Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-07 22:40 EST
2779Nmap scan report for ec2-184-72-111-210.compute-1.amazonaws.com (184.72.111.210)
2780Host is up.
2781
2782PORT STATE SERVICE VERSION
278369/tcp filtered tftp
278469/udp open|filtered tftp
2785Too many fingerprints match this host to give specific OS details
2786
2787TRACEROUTE (using proto 1/icmp)
2788HOP RTT ADDRESS
27891 75.42 ms 10.252.204.1
27902 75.46 ms 104.245.145.177
27913 75.48 ms 104.245.147.41
27924 75.54 ms amazon-a.ip4.torontointernetxchange.net (206.108.35.36)
27935 75.56 ms 52.93.3.132
27946 75.54 ms 52.93.3.141
27957 75.59 ms 54.239.44.171
27968 75.62 ms 54.239.42.73
27979 75.64 ms 54.240.229.143
279810 ... 19
279920 118.70 ms 52.93.29.42
280021 ... 30
2801####################################################################################################################################
2802wig - WebApp Information Gatherer
2803
2804
2805Scanning http://184.72.111.210...
2806____________________________________________ SITE INFO _____________________________________________
2807IP Title
2808184.72.111.210
2809
2810_____________________________________________ VERSION ______________________________________________
2811Name Versions Type
2812microsoft-httpapi 2.0 Platform
2813Microsoft Windows 7 OS
2814Microsoft Windows Server 2003 SP2 | 2003 SP3 | 2008 | 2008 R2 | 2012 | 2012 R2 OS
2815
2816____________________________________________________________________________________________________
2817Time: 13.4 sec Urls: 599 Fingerprints: 40401
2818#####################################################################################################################################
2819HTTP/1.1 404 Not Found
2820Content-Length: 315
2821Content-Type: text/html; charset=us-ascii
2822Server: Microsoft-HTTPAPI/2.0
2823Date: Wed, 08 Jan 2020 03:42:58 GMT
2824Connection: close
2832#####################################################################################################################################
2833Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-07 22:43 EST
2834Nmap scan report for ec2-184-72-111-210.compute-1.amazonaws.com (184.72.111.210)
2835Host is up.
2836
2837PORT STATE SERVICE VERSION
2838123/tcp filtered ntp
2839123/udp open|filtered ntp
2840Too many fingerprints match this host to give specific OS details
2841
2842TRACEROUTE (using proto 1/icmp)
2843HOP RTT ADDRESS
28441 59.98 ms 10.252.204.1
28452 94.04 ms 104.245.145.177
28463 94.09 ms 104.245.147.41
28474 94.12 ms amazon-a.ip4.torontointernetxchange.net (206.108.35.36)
28485 94.15 ms 52.93.3.132
28496 94.13 ms 52.93.3.141
28507 94.19 ms 54.239.44.171
28518 94.21 ms 54.239.42.73
28529 94.24 ms 54.240.229.143
285310 ... 19
285420 64.97 ms 52.93.29.42
285521 ... 30
2856#####################################################################################################################################
2857Version: 1.11.13-static
2858OpenSSL 1.0.2-chacha (1.0.2g-dev)
2859
2860Connected to 184.72.111.210
2861
2862Testing SSL server 184.72.111.210 on port 443 using SNI name 184.72.111.210
2863
2864 TLS Fallback SCSV:
2865Server does not support TLS Fallback SCSV
2866
2867 TLS renegotiation:
2868Secure session renegotiation supported
2869
2870 TLS Compression:
2871Compression disabled
2872
2873 Heartbleed:
2874TLS 1.2 not vulnerable to heartbleed
2875TLS 1.1 not vulnerable to heartbleed
2876TLS 1.0 not vulnerable to heartbleed
2877
2878 Supported Server Cipher(s):
2879Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-384 DHE 384
2880Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
2881Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
2882Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
2883Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-384 DHE 384
2884Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
2885Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-384 DHE 384
2886Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
2887Accepted TLSv1.2 256 bits AES256-GCM-SHA384
2888Accepted TLSv1.2 128 bits AES128-GCM-SHA256
2889Accepted TLSv1.2 256 bits AES256-SHA256
2890Accepted TLSv1.2 128 bits AES128-SHA256
2891Accepted TLSv1.2 256 bits AES256-SHA
2892Accepted TLSv1.2 128 bits AES128-SHA
2893Accepted TLSv1.2 112 bits DES-CBC3-SHA
2894Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-384 DHE 384
2895Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
2896Accepted TLSv1.1 256 bits AES256-SHA
2897Accepted TLSv1.1 128 bits AES128-SHA
2898Accepted TLSv1.1 112 bits DES-CBC3-SHA
2899Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-384 DHE 384
2900Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
2901Accepted TLSv1.0 256 bits AES256-SHA
2902Accepted TLSv1.0 128 bits AES128-SHA
2903Accepted TLSv1.0 112 bits DES-CBC3-SHA
2904
2905 SSL Certificate:
2906Signature Algorithm: sha256WithRSAEncryption
2907RSA Key Strength: 2048
2908
2909Subject: *.texasagriculture.gov
2910Altnames: DNS:*.texasagriculture.gov, DNS:texasagriculture.gov
2911Issuer: Entrust Certification Authority - L1K
2912
2913Not valid before: Apr 22 21:48:07 2019 GMT
2914Not valid after: Apr 21 22:18:07 2021 GMT
2915#####################################################################################################################################
2916Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-07 22:48 EST
2917Nmap scan report for ec2-184-72-111-210.compute-1.amazonaws.com (184.72.111.210)
2918Host is up (0.11s latency).
2919Not shown: 65530 filtered ports
2920PORT STATE SERVICE VERSION
292125/tcp closed smtp
292280/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
2923|_http-server-header: Microsoft-HTTPAPI/2.0
2924|_http-title: Not Found
2925139/tcp closed netbios-ssn
2926443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
2927|_http-server-header: Microsoft-HTTPAPI/2.0
2928|_http-title: Not Found
2929| ssl-cert: Subject: commonName=*.texasagriculture.gov/organizationName=Texas Department of Agriculture/stateOrProvinceName=Texas/countryName=US
2930| Subject Alternative Name: DNS:*.texasagriculture.gov, DNS:texasagriculture.gov
2931| Not valid before: 2019-04-22T21:48:07
2932|_Not valid after: 2021-04-21T22:18:07
2933|_ssl-date: 2020-01-08T03:50:02+00:00; -2s from scanner time.
2934| tls-alpn:
2935|_ http/1.1
2936445/tcp closed microsoft-ds
2937Device type: general purpose
2938Running (JUST GUESSING): Linux 2.6.X (90%)
2939OS CPE: cpe:/o:linux:linux_kernel:2.6
2940Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (90%)
2941No exact OS matches for host (test conditions non-ideal).
2942Network Distance: 2 hops
2943Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
2944
2945Host script results:
2946|_clock-skew: -2s
2947
2948TRACEROUTE (using port 445/tcp)
2949HOP RTT ADDRESS
29501 134.24 ms 10.252.204.1
29512 134.24 ms ec2-184-72-111-210.compute-1.amazonaws.com (184.72.111.210)
2952######################################################################################################################################
2953Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-07 22:50 EST
2954Nmap scan report for ec2-184-72-111-210.compute-1.amazonaws.com (184.72.111.210)
2955Host is up (0.079s latency).
2956
2957PORT STATE SERVICE VERSION
295853/tcp filtered domain
295967/tcp filtered dhcps
296068/tcp filtered dhcpc
296169/tcp filtered tftp
296288/tcp filtered kerberos-sec
2963123/tcp filtered ntp
2964137/tcp filtered netbios-ns
2965138/tcp filtered netbios-dgm
2966139/tcp closed netbios-ssn
2967161/tcp filtered snmp
2968162/tcp filtered snmptrap
2969389/tcp filtered ldap
2970520/tcp filtered efs
29712049/tcp filtered nfs
297253/udp open|filtered domain
297367/udp open|filtered dhcps
297468/udp open|filtered dhcpc
297569/udp open|filtered tftp
297688/udp open|filtered kerberos-sec
2977123/udp open|filtered ntp
2978137/udp filtered netbios-ns
2979138/udp filtered netbios-dgm
2980139/udp open|filtered netbios-ssn
2981161/udp open|filtered snmp
2982162/udp open|filtered snmptrap
2983389/udp open|filtered ldap
2984520/udp open|filtered route
29852049/udp open|filtered nfs
2986Too many fingerprints match this host to give specific OS details
2987Network Distance: 2 hops
2988
2989TRACEROUTE (using port 139/tcp)
2990HOP RTT ADDRESS
29911 98.21 ms 10.252.204.1
29922 98.19 ms ec2-184-72-111-210.compute-1.amazonaws.com (184.72.111.210)
2993#####################################################################################################################################
2994Hosts
2995=====
2996
2997address mac name os_name os_flavor os_sp purpose info comments
2998------- --- ---- ------- --------- ----- ------- ---- --------
299934.66.191.217 217.191.66.34.bc.googleusercontent.com Linux 2.4.X server
300072.47.224.85 agaacqmame.c03.gridserver.com embedded device
300180.82.79.116 no-reverse-dns-configured.com Linux 7.0 server
300287.247.240.207 crayford.servers.prgn.misp.co.uk Android 5.X device
300389.248.172.200 89-248-172-200.constellationservers.net Linux 8.0 server
300493.174.93.84 Linux 3.X server
300594.102.51.33 full-dark.net Linux 2.6.X server
3006104.154.60.12 12.60.154.104.bc.googleusercontent.com Linux 2.6.X server
3007107.154.130.27 107.154.130.27.ip.incapdns.net Linux 3.X server
3008107.154.248.27 107.154.248.27.ip.incapdns.net Linux 3.X server
3009147.237.0.206 embedded device
3010151.139.243.11 Linux 4.X server
3011163.247.52.17 www.mtt.cl Linux 2.6.X server
3012163.247.96.10 Linux 2.6.X server
3013170.246.172.178 host-170-246-172-178.anacondaweb.com Linux 2.6.X server
3014184.72.111.210 ec2-184-72-111-210.compute-1.amazonaws.com Linux 2.6.X server
3015185.68.93.22 verbatim1981.example.com Unknown device
3016185.119.173.237 Linux 2.6.X server
3017186.67.91.110 ipj10-110.poderjudicial.cl Linux 2.6.X server
3018194.18.73.2 www.sakerhetspolisen.se Linux 2.6.X server
3019194.39.164.140 194.39.164.140.srvlist.ukfast.net Linux 3.X server
3020200.35.157.77 srv77.talcaguia.cl Unknown device
3021201.131.38.40 Linux 2.6.X server
3022217.160.131.142 s18161039.onlinehome-server.info Linux 2.6.X server
3023#####################################################################################################################################
3024Services
3025========
3026
3027host port proto name state info
3028---- ---- ----- ---- ----- ----
3779194.39.164.140 68 tcp dhcpc filtered
3780194.39.164.140 68 udp dhcpc unknown
3781194.39.164.140 69 tcp tftp filtered
3782194.39.164.140 69 udp tftp unknown
3783194.39.164.140 80 tcp http open nginx
3784194.39.164.140 88 tcp kerberos-sec filtered
3785194.39.164.140 88 udp kerberos-sec unknown
3786194.39.164.140 110 tcp pop3 open Courier pop3d
3787194.39.164.140 123 tcp ntp filtered
3788194.39.164.140 123 udp ntp unknown
3789194.39.164.140 137 tcp netbios-ns filtered
3790194.39.164.140 137 udp netbios-ns filtered
3791194.39.164.140 138 tcp netbios-dgm filtered
3792194.39.164.140 138 udp netbios-dgm filtered
3793194.39.164.140 139 tcp netbios-ssn closed
3794194.39.164.140 139 udp netbios-ssn unknown
3795194.39.164.140 161 tcp snmp filtered
3796194.39.164.140 161 udp snmp unknown
3797194.39.164.140 162 tcp snmptrap filtered
3798194.39.164.140 162 udp snmptrap unknown
3799194.39.164.140 389 tcp ldap filtered
3800194.39.164.140 389 udp ldap unknown
3801194.39.164.140 443 tcp ssl/http open nginx
3802194.39.164.140 465 tcp ssl/smtps open
3803194.39.164.140 520 tcp efs filtered
3804194.39.164.140 520 udp route unknown
3805194.39.164.140 587 tcp smtp open Postfix smtpd
3806194.39.164.140 993 tcp ssl/imaps open
3807194.39.164.140 2020 tcp ssh open OpenSSH 7.4 protocol 2.0
3808194.39.164.140 2049 tcp nfs filtered
3809194.39.164.140 2049 udp nfs unknown
3810194.39.164.140 8443 tcp ssl/https-alt open sw-cp-server
3811194.39.164.140 8880 tcp http open sw-cp-server httpd Plesk Onyx 17.8.11
3812200.35.157.77 53 tcp domain filtered
3813200.35.157.77 53 udp domain unknown
3814200.35.157.77 67 tcp dhcps filtered
3815200.35.157.77 67 udp dhcps unknown
3816200.35.157.77 68 tcp dhcpc filtered
3817200.35.157.77 68 udp dhcpc unknown
3818200.35.157.77 69 tcp tftp filtered
3819200.35.157.77 69 udp tftp unknown
3820200.35.157.77 88 tcp kerberos-sec filtered
3821200.35.157.77 88 udp kerberos-sec unknown
3822200.35.157.77 123 tcp ntp filtered
3823200.35.157.77 123 udp ntp unknown
3824200.35.157.77 137 tcp netbios-ns filtered
3825200.35.157.77 137 udp netbios-ns filtered
3826200.35.157.77 138 tcp netbios-dgm filtered
3827200.35.157.77 138 udp netbios-dgm filtered
3828200.35.157.77 139 tcp netbios-ssn closed
3829200.35.157.77 139 udp netbios-ssn unknown
3830200.35.157.77 161 tcp snmp filtered
3831200.35.157.77 161 udp snmp unknown
3832200.35.157.77 162 tcp snmptrap filtered
3833200.35.157.77 162 udp snmptrap unknown
3834200.35.157.77 389 tcp ldap filtered
3835200.35.157.77 389 udp ldap unknown
3836200.35.157.77 520 tcp efs filtered
3837200.35.157.77 520 udp route unknown
3838200.35.157.77 2049 tcp nfs filtered
3839200.35.157.77 2049 udp nfs unknown
3840201.131.38.40 25 tcp smtp closed
3841201.131.38.40 53 tcp domain filtered
3842201.131.38.40 53 udp domain unknown
3843201.131.38.40 67 tcp dhcps filtered
3844201.131.38.40 67 udp dhcps unknown
3845201.131.38.40 68 tcp dhcpc filtered
3846201.131.38.40 68 udp dhcpc unknown
3847201.131.38.40 69 tcp tftp filtered
3848201.131.38.40 69 udp tftp unknown
3849201.131.38.40 80 tcp http open Apache httpd
3850201.131.38.40 88 tcp kerberos-sec filtered
3851201.131.38.40 88 udp kerberos-sec unknown
3852201.131.38.40 123 tcp ntp filtered
3853201.131.38.40 123 udp ntp unknown
3854201.131.38.40 137 tcp netbios-ns filtered
3855201.131.38.40 137 udp netbios-ns filtered
3856201.131.38.40 138 tcp netbios-dgm filtered
3857201.131.38.40 138 udp netbios-dgm filtered
3858201.131.38.40 139 tcp netbios-ssn closed
3859201.131.38.40 139 udp netbios-ssn unknown
3860201.131.38.40 161 tcp snmp filtered
3861201.131.38.40 161 udp snmp unknown
3862201.131.38.40 162 tcp snmptrap filtered
3863201.131.38.40 162 udp snmptrap unknown
3864201.131.38.40 389 tcp ldap filtered
3865201.131.38.40 389 udp ldap unknown
3866201.131.38.40 443 tcp ssl/http open Apache httpd
3867201.131.38.40 445 tcp microsoft-ds closed
3868201.131.38.40 520 tcp efs filtered
3869201.131.38.40 520 udp route unknown
3870201.131.38.40 2049 tcp nfs filtered
3871201.131.38.40 2049 udp nfs unknown
3872217.160.131.142 21 tcp ftp open ProFTPD
3873217.160.131.142 22 tcp ssh open OpenSSH 5.3 protocol 2.0
3874217.160.131.142 53 tcp domain closed
3875217.160.131.142 53 udp domain unknown
3876217.160.131.142 67 tcp dhcps closed
3877217.160.131.142 67 udp dhcps unknown
3878217.160.131.142 68 tcp dhcpc closed
3879217.160.131.142 68 udp dhcpc closed
3880217.160.131.142 69 tcp tftp closed
3881217.160.131.142 69 udp tftp unknown
3882217.160.131.142 80 tcp http open Apache httpd PleskLin
3883217.160.131.142 88 tcp kerberos-sec closed
3884217.160.131.142 88 udp kerberos-sec unknown
3885217.160.131.142 123 tcp ntp closed
3886217.160.131.142 123 udp ntp unknown
3887217.160.131.142 137 tcp netbios-ns closed
3888217.160.131.142 137 udp netbios-ns filtered
3889217.160.131.142 138 tcp netbios-dgm closed
3890217.160.131.142 138 udp netbios-dgm filtered
3891217.160.131.142 139 tcp netbios-ssn closed
3892217.160.131.142 139 udp netbios-ssn closed
3893217.160.131.142 161 tcp snmp closed
3894217.160.131.142 161 udp snmp unknown
3895217.160.131.142 162 tcp snmptrap closed
3896217.160.131.142 162 udp snmptrap closed
3897217.160.131.142 389 tcp ldap closed
3898217.160.131.142 389 udp ldap closed
3899217.160.131.142 443 tcp ssl/http open Apache httpd PleskLin
3900217.160.131.142 520 tcp efs closed
3901217.160.131.142 520 udp route unknown
3902217.160.131.142 2049 tcp nfs closed
3903217.160.131.142 2049 udp nfs closed
3904217.160.131.142 3306 tcp mysql open MySQL 5.1.73
3905217.160.131.142 4643 tcp ssl/http open Apache httpd
3906217.160.131.142 8443 tcp ssl/http open sw-cp-server httpd Plesk Onyx 17.8.11
3907217.160.131.142 8880 tcp http open sw-cp-server httpd Plesk Onyx 17.8.11
#####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-07 22:45 EST
Nmap scan report for ec2-184-72-111-210.compute-1.amazonaws.com (184.72.111.210)
Host is up (0.076s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
| vulscan: VulDB - https://vuldb.com:
4209| [8730] Microsoft Publisher 2003 SP3 PUB File memory corruption
4210| [8729] Microsoft Publisher 2003 SP3 PUB File memory corruption
4211| [8728] Microsoft Publisher 2003 SP3 PUB File memory corruption
4212| [8727] Microsoft Publisher 2003 SP3 PUB File memory corruption
4213| [8726] Microsoft Publisher 2003 PUB File Eingabe memory corruption
4214| [8723] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 XML File spoofing
4215| [7643] Microsoft Windows Server 2008 R2/Server 2012 NFS Server NULL Pointer Dereference denial of service
4216| [7642] Microsoft Exchange 2007/2010 Outlook Web Access vspdx.dll) privilege escalation
4217| [7641] Microsoft Windows Server 2003/Server 2008/Vista/XP DirectShow Quartz.dll memory corruption
4218| [8589] Microsoft System Center Operations Manager 2007 R2/2007 SP1 ViewTypeManager.aspx cross site scripting
4219| [7252] Microsoft System Center Operations Manager 2007 ExecuteTask.aspx cross site scripting
4220| [7251] Microsoft System Center Operations Manager 2007 cross site scripting
4221| [7248] Microsoft Windows 7/Server 2008 R2 Print Spooler privilege escalation
4222| [7121] Microsoft Exchange 2007/2010 RSS Feed denial of service
4223| [7118] Microsoft Windows Server 2008 R2/Server 2012 IP-HTTPS unknown vulnerability
4224| [62914] Microsoft Office 2003 SP3/2007 SP3/2008/2010 SP1/2011 Spreadsheet Use-After-Free memory corruption
4225| [7058] Microsoft Windows 7/Server 2008 R2 DHCPv6 Message denial of service
4226| [6935] Microsoft Office Excel 2003/2007/2010 Input Sanitizer File Stack-based memory corruption
4227| [6934] Microsoft Office Excel 2003/2007/2010 Input Sanitizer memory corruption
4228| [6933] Microsoft Office Excel 2003/2007/2010 SerAuxErrBar File memory corruption
4229| [6929] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Web Proxy Setting Auto-Discovery memory corruption
4230| [6927] Microsoft .NET Framework 2.0 SP2/3.5.1 Trusted Code Function information disclosure
4231| [6918] Microsoft Excel 2007 SP2 Input Sanitizer File memory corruption
4232| [6830] Microsoft Word 2007/2010 File memory corruption
4233| [6819] Microsoft Excel 2007 File memory corruption
4234| [6627] Microsoft Windows 7/Server 2008 R2 Kerberos denial of service
4235| [6626] Microsoft SharePoint/Lync/Infopath 2007/2010 HTML Sanitization cross site scripting
4236| [6621] Microsoft Word 2007 PAPX memory corruption
4237| [62239] Microsoft Systems Management Server 2003 Configuration Manager Reflected cross site scripting
4238| [5945] Microsoft Office 2007/2010 Computer Graphics Metafile memory corruption
4239| [5939] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Print Spooler Service memory corruption
4240| [5938] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Remote Administration Protocol netapi32.dll RAP Request denial of service
4241| [5933] Microsoft SQL Server 2000/2005/2008/2008 R2 Common Controls TabStrip ActiveX MSCOMCTL.OCX memory corruption
4242| [5932] Microsoft Office 2003/2007/2010 Common Controls TabStrip ActiveX MSCOMCTL.OCX memory corruption
4243| [5654] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP information disclosure
4244| [5653] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys memory corruption
4245| [5652] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys memory corruption
4246| [5650] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP memory corruption
4247| [5649] Microsoft Office 2003/2007/2010 libraries memory corruption
4248| [5645] Microsoft SharePoint 2007/2010/3.0 Reflected cross site scripting
4249| [5643] Microsoft SharePoint 2007/2010 information disclosure
4250| [5642] Microsoft SharePoint 2007 cross site request forgery
4251| [5553] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Font atmfd.dll denial of service
4252| [5524] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP memory corruption
4253| [5518] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 memory corruption
4254| [5362] Microsoft Office 2003/2007 GDI+ memory corruption
4255| [5291] Microsoft Visual Studio 2008 Incremental Linker link.exe ConvertRgImgSymToRgImgSymEx memory corruption
4256| [5268] Microsoft Office 2008 on Mac RTF Pfragment File memory corruption
4257| [5080] Microsoft SQL Server 2005/2008/2008R2 CREATE DATABASE sql injection
4258| [5050] Microsoft Office 2007 WPS Converter Heap-based memory corruption
4259| [5049] Microsoft SQL Server 2000/2005/2008 MSCOMCTL.OCX privilege escalation
4260| [5048] Microsoft Office 2003/2007/2010 MSCOMCTL.OCX privilege escalation
4261| [5046] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Windows Authenticode Signature Verification WinVerifyTrust Signature privilege escalation
4262| [4803] Microsoft Windows Server 2003/Server 2008 DNS Server Domain Resource Record Query Parser denial of service
4263| [4802] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Protocol denial of service
4264| [4798] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Service memory corruption
4265| [60205] Microsoft .NET Framework 2.0 SP2/3.5.1 Heap-based memory corruption
4266| [4642] Microsoft .NET Framework 2.0 SP2/3.5.1/4 XAML Browser Application memory corruption
4267| [60065] Microsoft Windows 2000 mod_sql unknown vulnerability
4268| [4535] Microsoft Windows Server 2003/XP Object Packager packager.exe privilege escalation
4269| [4534] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Line21 DirectShow Filter Quartz.dll/Qdvd.dll Media File memory corruption
4270| [4533] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Multimedia Library winmm.dll MIDI File memory corruption
4271| [4507] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 Forms Authentication privilege escalation
4272| [59666] Microsoft Publisher 2003/2007 "Publisher memory corruption
4273| [4482] Microsoft Word 2007/2010/2011 Document Parser memory corruption
4274| [4480] Microsoft Excel 2003 memory corruption
4275| [4478] Microsoft Windows Server 2003/XP OLE Objects Memory Management memory corruption
4276| [4477] Microsoft PowerPoint 2007 SP2/2008 OfficeArt Use-After-Free memory corruption
4277| [4474] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Active Directory Query memory corruption
4278| [4473] Microsoft PowerPoint 2007 SP2/2010 DLL-Loader memory corruption
4279| [4471] Microsoft Office 2003/2007 Publisher Out-of-Bounds memory corruption
4280| [4470] Microsoft Office 2003 SP3 memory corruption
4281| [4453] Microsoft Excel 2003 Record Parser memory corruption
4282| [4446] Microsoft Office 2007/2008 OfficeArt Record Parser memory corruption
4283| [4445] Microsoft Office 2007/2010/2011 Word Document Parser memory corruption
4284| [4438] Microsoft Windows 7/Server 2008/Vista TCP/IP Reference Counter denial of service
4285| [5358] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP TrueType Font Handling memory corruption
4286| [59005] Microsoft Host Integration Server 2004 denial of service
4287| [58492] Microsoft SharePoint Server 2007 Spreadsheet memory corruption
4288| [58491] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
4289| [58490] Microsoft Office Compatibility Pack 2007 Spreadsheet memory corruption
4290| [58489] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
4291| [58488] Microsoft Office 2007/2010 memory corruption
4292| [4412] Microsoft Office 2003/2007 Library Loader unknown vulnerability
4293| [4411] Microsoft Excel 2003 memory corruption
4294| [4409] Microsoft Windows Server 2003/Server 2008 WINS unknown vulnerability
4295| [58240] Microsoft Visio 2003/2007 memory corruption
4296| [58237] Microsoft Visio 2003/2007/2010 memory corruption
4297| [4396] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
4298| [4393] Microsoft Windows Server 2008 DNS Service memory corruption
4299| [4391] Microsoft .NET Framework 2.0 SP2/3.5.1/4 Socket Restriction privilege escalation
4300| [4390] Microsoft Windows Server 2008 Remote Desktop Web Access cross site scripting
4301| [4388] Microsoft Windows 7/Server 2008/Vista File Metadata Parser denial of service
4302| [57691] Microsoft SQL Server 2008 Web Service information disclosure
4303| [57690] Microsoft Excel 2002/2003 Spreadsheet memory corruption
4304| [57689] Microsoft Excel 2002 Spreadsheet memory corruption
4305| [57688] Microsoft Excel 2002 Spreadsheet memory corruption
4306| [57687] Microsoft Excel 2002/2003/2007 Spreadsheet memory corruption
4307| [57686] Microsoft Excel 2002 Spreadsheet memory corruption
4308| [57685] Microsoft Excel 2002/2003/2007 Array Access memory corruption
4309| [57684] Microsoft Excel 2002/2003/2007/2010 Spreadsheet memory corruption
4310| [4369] Microsoft Excel 2002/2003/2007 memory corruption
4311| [4367] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
4312| [4362] Microsoft Windows 7/Server 2008/Vista denial of service
4313| [57420] Microsoft PowerPoint 2002/2003 memory corruption
4314| [4349] Microsoft Office 2004/2007/2008 Presentation File Parser memory corruption
4315| [4348] Microsoft PowerPoint 2002/2003/2007 memory corruption
4316| [57077] Microsoft Excel 2002 Uninitialized Memory memory corruption
4317| [57078] Microsoft Office 2003/2007/Xp docx unknown vulnerability
4318| [57079] Microsoft PowerPoint 2002/2003/2007/2010 memory corruption
4319| [57076] Microsoft Excel 2002/2003 memory corruption
4320| [57075] Microsoft Excel 2002/2003 memory corruption
4321| [57074] Microsoft Excel 2002 memory corruption
4322| [57073] Microsoft Excel 2002/2003/2007/2010 memory corruption
4323| [4334] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 JIT Compiler memory corruption
4324| [4332] Microsoft PowerPoint 2007/2010 memory corruption
4325| [4301] Microsoft Windows Server 2003 SMB Browser Heap-based denial of service
4326| [56475] Microsoft Office 2004/2008 memory corruption
4327| [56414] Microsoft Visio 2002/2003/2007 ELEMENTS.DLL memory corruption
4328| [56413] Microsoft Visio 2002/2003/2007 Exception ORMELEMS.DLL memory corruption
4329| [4298] Microsoft Windows 7/Server 2008 JScript/VBScript Engine information disclosure
4330| [4297] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Compact Font Format Driver privilege escalation
4331| [4296] Microsoft Windows Server 2003/XP LSASS Authentication Request unknown vulnerability
4332| [4295] Microsoft Windows 7/Server 2008 Kerberos weak authentication
4333| [4294] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys unknown vulnerability
4334| [4293] Microsoft Windows Server 2003/XP Kerberos CRC32 Checksum privilege escalation
4335| [4292] Microsoft Windows Server 2003/XP CSRSS Logoff privilege escalation
4336| [4289] Microsoft Excel 2007 Shape Data Parser memory corruption
4337| [4286] Microsoft PowerPoint 2002 SP3/2003 SP3/2004/2007 SP2/2008 OfficeArt Container Parser memory corruption
4338| [4279] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP MHTML cross site scripting
4339| [56176] Microsoft Windows 7/Server 2003/XP fxscover.exe CDrawPoly::Serialize memory corruption
4340| [55772] Microsoft Publisher 2002 pubconv.dll memory corruption
4341| [55771] Microsoft Publisher 2002/2003/2010 memory corruption
4342| [55765] Microsoft Office 2003/Xp Integer memory corruption
4343| [55764] Microsoft Office 2003/Xp memory corruption
4344| [55750] Microsoft Publisher 2002/2003 pubconv.dll memory corruption
4345| [55749] Microsoft Publisher 2002/2003/2007/2010 pubconv.dll memory corruption
4346| [55748] Microsoft Publisher 2002/2003/2007 pubconv.dll memory corruption
4347| [4230] Microsoft Exchange 2007 on 64-bit RPC store.exe MAPI Request denial of service
4348| [4229] Microsoft SharePoint 2007 Document Conversion Launcher Service Eingabeungültigkeit
4349| [4228] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
4350| [4224] Microsoft Windows 7/Server 2008/Vista Consent User Interface privilege escalation
4351| [4231] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys GreEnableEUDC denial of service
4352| [55420] Microsoft Office 2007/2010 memory corruption
4353| [55419] Microsoft Office 2004/2008/2011/Xp memory corruption
4354| [55412] Microsoft PowerPoint Viewer 2007 memory corruption
4355| [55411] Microsoft PowerPoint 2002/2003 memory corruption
4356| [4204] Microsoft Windows Server 2008 Color Control Panel Eingabeungültigkeit
4357| [54995] Microsoft Office 2004/2008 memory corruption
4358| [54994] Microsoft Office 2004/2008 Out-of-Bounds memory corruption
4359| [54993] Microsoft Office Compatibility Pack 2007 memory corruption
4360| [54992] Microsoft Excel 2002 memory corruption
4361| [54991] Microsoft Office 2004 Future memory corruption
4362| [54990] Microsoft Office 2004 memory corruption
4363| [54989] Microsoft Office 2004/2008 memory corruption
4364| [54988] Microsoft Excel 2002 memory corruption
4365| [54987] Microsoft Excel 2002 memory corruption
4366| [54986] Microsoft Excel 2002/2003 memory corruption
4367| [54985] Microsoft Office Compatibility Pack 2003/2004/2007/2008 memory corruption
4368| [54984] Microsoft Office 2004/2008 memory corruption
4369| [54983] Microsoft Excel 2002 Integer memory corruption
4370| [54980] Microsoft Word 2002/2003 memory corruption
4371| [54979] Microsoft Word 2002 memory corruption
4372| [54978] Microsoft Word 2002 memory corruption
4373| [54977] Microsoft Word 2002 Heap-based memory corruption
4374| [54976] Microsoft Word 2002 memory corruption
4375| [54975] Microsoft Word 2002 memory corruption
4376| [54974] Microsoft Word 2002 memory corruption
4377| [54973] Microsoft Word 2002 memory corruption
4378| [54972] Microsoft Word 2002 memory corruption
4379| [54971] Microsoft Word 2002 memory corruption
4380| [4197] Microsoft SharePoint 2007/3.0 cross site scripting
4381| [4196] Microsoft Word 2002/2003/2007/2010 Stack-based memory corruption
4382| [4194] Microsoft Windows 7/Server 2008/Vista SChannel Client Certificate Request denial of service
4383| [54774] Microsoft Word 2003 word_crash_11.8326.8324_poc.doc denial of service
4384| [54757] Microsoft SharePoint Server 2007 HTML Sanitization SafeHTML cross site scripting
4385| [4186] Microsoft Outlook 2002/2003/2007 Content Parser Heap-based memory corruption
4386| [54584] Microsoft Visual C++ 2005 AtlTraceTool8.exe unknown vulnerability
4387| [54554] Microsoft Groove 2007 mso.dll memory corruption
4388| [4187] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack Ipv4SetEchoRequestCreate denial of service
4389| [54322] Microsoft Word 2002/2003 memory corruption
4390| [54321] Microsoft Office Compatibility Pack 2007 memory corruption
4391| [54320] Microsoft Office Compatibility Pack 2007 memory corruption
4392| [54319] Microsoft Office Compatibility Pack 2007 memory corruption
4393| [54318] Microsoft .NET Framework 2.0 SP1/2.0 SP2/3.5/3.5 SP1/3.5.1 Interfaces memory corruption
4394| [4165] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
4395| [4162] Microsoft Windows 7/Server 2008/Vista Kernel memory corruption
4396| [4159] Microsoft Excel 2002/2003 SXDB PivotTable Cache Data Record memory corruption
4397| [4149] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Shell Shortcut Parser memory corruption
4398| [54083] Microsoft Access 2003 ActiveX Control ACCWIZ.dll memory corruption
4399| [4146] Microsoft Outlook 2002/2003/2007 SMB Attachment PR_ATTACH_METHOD memory corruption
4400| [4145] Microsoft Access 2003/2007 ActiveX ACCWIZ.dll memory corruption
4401| [54617] Microsoft Outlook Web Access up to 2007 cross site request forgery
4402| [4151] Microsoft Windows Server 2008/Vista NtUserCheckAccessForIntegrityLevel memory corruption
4403| [53591] Microsoft Windows Server 2003 GetServerName cross site scripting
4404| [53505] Microsoft Excel 2002/2007 memory corruption
4405| [53501] Microsoft Excel 2002 memory corruption
4406| [53500] Microsoft Excel 2002 memory corruption
4407| [53499] Microsoft Excel 2002 memory corruption
4408| [53495] Microsoft Excel 2002/2003/2007 memory corruption
4409| [53494] Microsoft Excel 2002 Stack-based memory corruption
4410| [53504] Microsoft Excel 2002 memory corruption
4411| [53503] Microsoft Excel 2002 Stack-Based memory corruption
4412| [53502] Microsoft Excel 2002 Heap-based memory corruption
4413| [53498] Microsoft Excel 2002 Stack-based memory corruption
4414| [53497] Microsoft Excel 2002 memory corruption
4415| [53496] Microsoft Excel 2002 memory corruption
4416| [53493] Microsoft Excel 2002/2003/2007 memory corruption
4417| [4133] Microsoft Office 2003/2007/Xp COM Object Instantiator memory corruption
4418| [53366] Microsoft ASP.NET 2.0 cross site scripting
4419| [53385] Microsoft Exchange Server 2007 Outlook Web Access cross site scripting
4420| [53164] Microsoft Office 2003/2007/Xp ActiveX Control VBE6.DLL memory corruption
4421| [53054] Microsoft VISIO 2002/2003/2007 VISIODWG.DLL memory corruption
4422| [4125] Microsoft SharePoint 2007/3.0 help.aspx cross site scripting
4423| [52777] Microsoft Publisher 2002/2003/2007 memory corruption
4424| [52773] Microsoft Visio 2002/2003/2007 memory corruption
4425| [52772] Microsoft Visio 2002/2003/2007 memory corruption
4426| [4107] Microsoft Windows 7/Server 2008 Kernel denial of service
4427| [4103] Microsoft Windows Server 2003 Media Services Stack-based memory corruption
4428| [52543] Microsoft Virtual PC 2007 unknown vulnerability
4429| [52148] Microsoft Office 2004/2007/2008 Uninitialized Memory memory corruption
4430| [52147] Microsoft Office 2004/2007/2008 Spreadsheet Uninitialized Memory memory corruption
4431| [52146] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
4432| [52145] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
4433| [52144] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
4434| [52143] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
4435| [4090] Microsoft Excel 2002/2003/2007 memory corruption
4436| [52036] Microsoft Windows 2000 MsgBox memory corruption
4437| [51995] Microsoft SharePoint Server up to 2006 cross site scripting
4438| [51810] Microsoft Office 2004/Xp MSO.DLL memory corruption
4439| [51802] Microsoft PowerPoint 2003 Stack-based memory corruption
4440| [51801] Microsoft PowerPoint 2003 Stack-based memory corruption
4441| [51800] Microsoft PowerPoint 2002/2003 Use-After-Free memory corruption
4442| [51799] Microsoft PowerPoint 2002/2003 memory corruption
4443| [51798] Microsoft PowerPoint 2002/2003 Heap-based memory corruption
4444| [4082] Microsoft PowerPoint 2002 SP3 memory corruption
4445| [54550] Microsoft PowerPoint 2007 rpawinet.dll memory corruption
4446| [54556] Microsoft Visio 2003 mfc71enu.dll unknown vulnerability
4447| [51497] Microsoft Windows Live Messenger 2009 ActiveX Control msnmsgr.exe denial of service
4448| [51133] Microsoft Windows 2000 SP4/Server 2003 SP2/SP3/XP SP2 memory corruption
4449| [51074] Microsoft Office 2002/2003 Integer memory corruption
4450| [4069] Microsoft Project 2003/2007 Project Memory Validator memory corruption
4451| [50794] Microsoft Office 2004/2008 Spreadsheet memory corruption
4452| [50793] Microsoft Office 2004/2008 Spreadsheet memory corruption
4453| [50792] Microsoft Office 2004/2008 Spreadsheet memory corruption
4454| [50791] Microsoft Office 2004/2008 Spreadsheet memory corruption
4455| [50790] Microsoft Office 2004/2008 Spreadsheet Heap-based memory corruption
4456| [50788] Microsoft Office 2004/2008 Spreadsheet memory corruption
4457| [50787] Microsoft Office 2004/2008 Spreadsheet memory corruption
4458| [50786] Microsoft Windows 2000 llssrv.exe memory corruption
4459| [50789] Microsoft Office 2004/2008 Spreadsheet memory corruption
4460| [4056] Microsoft Word 2002/2003 File Information Block Parser Stack-based memory corruption
4461| [50660] Microsoft SharePoint Server 2007 unknown vulnerability
4462| [50443] Microsoft PowerPoint 2007 Integer memory corruption
4463| [50432] Microsoft .NET Framework 2.0/2.0 SP1/2.0 SP2/3.5/3.5 SP1 memory corruption
4464| [49866] Microsoft Windows Server 2003 memory corruption
4465| [4031] Microsoft Windows Server 2008/Vista SMB Processor EducatedScholar memory corruption
4466| [4030] Microsoft Windows Server 2008/Vista Wireless LAN AutoConfig Service Heap-based memory corruption
4467| [4029] Microsoft Windows 2000/XP TCP/IP Window Size denial of service
4468| [49745] Microsoft Windows Server 2003 denial of service
4469| [49395] Microsoft Office 2000/2003/XP Office Web Components Heap-based memory corruption
4470| [49394] Microsoft Windows Server 2003 memory corruption
4471| [49389] Microsoft Office 2000/2003/XP Office Web Components memory corruption
4472| [49390] Microsoft Office 2000/2003/XP Office Web Components memory corruption
4473| [49198] Microsoft Visual Studio 2005 information disclosure
4474| [49047] Microsoft Virtual Server 2005 privilege escalation
4475| [49046] Microsoft Windows Server 2003 quartz.dll memory corruption
4476| [49045] Microsoft Windows Server 2003 quartz.dll memory corruption
4477| [49044] Microsoft ISA Server 2006 privilege escalation
4478| [3999] Microsoft Office 2007 Pointer memory corruption
4479| [4000] Microsoft Office 2003/Sp3/Xp Web Components memory corruption
4480| [48894] Microsoft Windows Server 2003 msvidctl.dll memory corruption
4481| [48572] Microsoft PowerPoint 2002 FL21WIN.DLL memory corruption
4482| [48517] Microsoft Windows 2000 Memory Leak memory corruption
4483| [48516] Microsoft Windows Server 2008 unknown vulnerability
4484| [48512] Microsoft Windows Server 2008 unknown vulnerability
4485| [48515] Microsoft Office Word Viewer 2003 memory corruption
4486| [48514] Microsoft Office Word Viewer 2003 Stack-based memory corruption
4487| [48554] Microsoft Excel 2000/2003/2007 memory corruption
4488| [48157] Microsoft PowerPoint 2002 Sound memory corruption
4489| [48156] Microsoft PowerPoint 2000 Stack-based memory corruption
4490| [48154] Microsoft PowerPoint 2002 Sound PP7X32.DLL memory corruption
4491| [48152] Microsoft PowerPoint 2002 PP4X32.DLL memory corruption
4492| [48150] Microsoft PowerPoint 2002 Sound memory corruption
4493| [48147] Microsoft PowerPoint 2002 Sound memory corruption
4494| [48146] Microsoft PowerPoint 2002 Integer memory corruption
4495| [48155] Microsoft PowerPoint 2002 Notes Container Heap-based memory corruption
4496| [48153] Microsoft PowerPoint 2002 Sound memory corruption
4497| [48151] Microsoft PowerPoint 2002 Stack-based memory corruption
4498| [48149] Microsoft PowerPoint 2002 memory corruption
4499| [48148] Microsoft PowerPoint 2002 Sound memory corruption
4500| [3974] Microsoft PowerPoint 2000/2002/2003 Sound Data Stack-based memory corruption
4501| [3973] Microsoft PowerPoint 2000/2002/2003 Notes Container Stack-based memory corruption
4502| [3972] Microsoft PowerPoint 2000/2002/2003 BuildList memory corruption
4503| [3971] Microsoft PowerPoint 2000/2002/2003 Object Stack-based memory corruption
4504| [3970] Microsoft PowerPoint 2000/2002/2003 Paragraph Stack-based memory corruption
4505| [3969] Microsoft PowerPoint 2000/2002/2003 Atom Stack-based memory corruption
4506| [47719] Microsoft Windows 2000 Stack-based memory corruption
4507| [47720] Microsoft Internet Security And Acceleration Server 2006 Forms Authentication cookieauth.dll cross site scripting
4508| [47716] Microsoft Office Converter Pack 2003 WPFT632.CNV memory corruption
4509| [47715] Microsoft Windows 2000 Wordpad memory corruption
4510| [47718] Microsoft Excel 2000/2002/2003/2007 Spreadsheet memory corruption
4511| [3960] Microsoft Windows 2000/Server 2003/XP DirectShow MJPEG memory corruption
4512| [3952] Microsoft ISA Server 2004/2006 denial of service
4513| [3946] Microsoft PowerPoint 2000/2002/2003/2004 memory corruption
4514| [47091] Microsoft Windows Server 2008 unknown vulnerability
4515| [47090] Microsoft Windows Server 2008 unknown vulnerability
4516| [3939] Microsoft Windows 2000 DNS spoofing
4517| [3938] Microsoft Windows 2000 SSL weak authentication
4518| [3937] Microsoft Windows 2000 memory corruption
4519| [3932] Microsoft Excel 2000/2002/2003/2004/2007 Object Reference memory corruption
4520| [46620] Microsoft Windows Live Messenger 2009 msnmsgr.exe denial of service
4521| [46455] Microsoft Exchange Server 2007 denial of service
4522| [46454] Microsoft Exchange Server 2007 memory corruption
4523| [46453] Microsoft Visio 2002/2003/2007 memory corruption
4524| [46452] Microsoft Visio 2002/2003/2007 memory corruption
4525| [46451] Microsoft Visio 2002/2003/2007 memory corruption
4526| [46327] Microsoft Word 2007 information disclosure
4527| [45758] Microsoft Money 2006 ActiveX Control prtstb06.dll denial of service
4528| [45381] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
4529| [45380] Microsoft Windows Server 2008/Vista SP1 Search memory corruption
4530| [45379] Microsoft Office SharePoint Server 2007 denial of service
4531| [3896] Microsoft SQL Server up to 2005 sp_replwritetovarbin memory corruption
4532| [3892] Microsoft Excel 2000/2002/2003 Formula memory corruption
4533| [3891] Microsoft Excel 2000/2002/2003 memory corruption
4534| [3890] Microsoft Excel 2000/2002/2003 NAME Index memory corruption
4535| [3889] Microsoft Word 2000/2002/2003/2007 Table Property Stack-based memory corruption
4536| [3888] Microsoft Word 2000/2002/2003/2007 RTF Stylesheet memory corruption
4537| [3887] Microsoft Word 2000/2002/2003/2007 memory corruption
4538| [3886] Microsoft Word 2000/2002/2003/2007 ControlWord Heap-based memory corruption
4539| [3885] Microsoft Word 2000/2002/2003/2007 memory corruption
4540| [3884] Microsoft Word 2000/2002/2003/2007 memory corruption
4541| [3883] Microsoft Word 2000/2002/2003/2007 RTF Heap-based memory corruption
4542| [3882] Microsoft Word 2000/2002/2003/2007 LFO memory corruption
4543| [3880] Microsoft Visual Basic up to 2003 ActiveX Control Mschrt20.ocx memory corruption
4544| [3879] Microsoft Visual Basic up to 2003 ActiveX Control mscomct2.ocx memory corruption
4545| [3878] Microsoft Visual Basic up to 2003 ActiveX Control mshflxgd.ocx memory corruption
4546| [3877] Microsoft Visual Basic up to 2003 ActiveX Control msflxgrd.ocx memory corruption
4547| [3876] Microsoft Visual Basic up to 2003 ActiveX Control msdatgrd.ocx memory corruption
4548| [45197] Microsoft Windows 2000 nskey.dll memory corruption
4549| [45063] Microsoft Windows Server 2003 Active Directory unknown vulnerability
4550| [45040] Microsoft .NET Framework 2.0.50727 Code Access Security unknown vulnerability
4551| [44855] DjVu Activex Control For Microsoft Office 2000 3.0 ActiveX Control DjVu_ActiveX_MSOffice.dll memory corruption
4552| [44665] Microsoft Peachtree Accounting 2004 ActiveX Control PAWWeb11.ocx unknown vulnerability
4553| [44589] Microsoft Exchange Server 2003 Outlook Web Access unknown vulnerability
4554| [3845] Microsoft Windows 2000 SP4 Active Directory memory corruption
4555| [44533] Microsoft Windows 2000 mqsvc.exe memory corruption
4556| [3844] Microsoft Excel 2003 REPT memory corruption
4557| [3843] Microsoft Excel up to 2007 BIFF File Heap-based memory corruption
4558| [3842] Microsoft Excel 2003 VBA Performance Cache Stack-based memory corruption
4559| [44405] Microsoft Digital Image 2006 ActiveX Control PipPPush.DLL unknown vulnerability
4560| [44047] Microsoft SQL Server 2000 ActiveX Control SQLVDIRLib.SQLVDirControl memory corruption
4561| [43981] Microsoft Organization Chart 2.00 orgchart.exe memory corruption
4562| [43957] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
4563| [43956] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
4564| [43955] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
4565| [43952] Microsoft Office 2003/2007/Xp URI memory corruption
4566| [43676] Microsoft Windows 2000/Server 2003/Vista/XP memory corruption
4567| [43675] Microsoft Windows 2000/Server 2003/Vista/XP of memory corruption
4568| [43662] Microsoft PowerPoint Viewer 2000 SP3/2002 SP3/2003 SP2/2007 SP1 memory corruption
4569| [43661] Microsoft PowerPoint Viewer 2003 memory corruption
4570| [43660] Microsoft PowerPoint Viewer 2003 Integer memory corruption
4571| [43657] Microsoft Office 2000/2003/Xp memory corruption
4572| [43654] Microsoft SharePoint Server 2007 memory corruption
4573| [43653] Microsoft Office 2000/2002/2004/2008 memory corruption
4574| [43652] Microsoft Office 2000/2002/2003/2004/2008 memory corruption
4575| [3797] Microsoft Windows Server 2008/Vista IPsec Policy Designfehler
4576| [3796] Microsoft Office 2000 WPG memory corruption
4577| [3795] Microsoft Office 2000/2003/Xp BMP Image BMPIMP32.FLT memory corruption
4578| [3794] Microsoft Office 2000/2003/Xp PICT bits_per_pixel memory corruption
4579| [3793] Microsoft Office 2000/2003/Xp PICT memory corruption
4580| [3792] Microsoft Office 2000 EPS File memory corruption
4581| [3783] Microsoft Word 2002 memory corruption
4582| [43103] Microsoft Exchange Srv 2007 Sp1 Outlook Web Access cross site scripting
4583| [43102] Microsoft Windows 2000 SP4/Server 2003 SP2/Server 2008 DNS Cache privilege escalation
4584| [3778] Microsoft Exchange 2003/2007 Outlook Web Access cross site scripting
4585| [3777] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
4586| [43087] Microsoft Office Snapshot Viewer ActiveX up to Office 2003 Snapshot Viewer ActiveX Control snapview.ocx memory corruption
4587| [43096] Microsoft Publisher 2003/2007 Crypto API unknown vulnerability
4588| [42816] Microsoft Word 2000/2003 memory corruption
4589| [42732] Microsoft Windows Server 2003/Vista/XP denial of service
4590| [42731] Microsoft Windows Server 2003 denial of service
4591| [3732] Microsoft Windows 2000/Server 2003 WINS memory corruption
4592| [3701] Microsoft Word 2003 CSS Heap-based memory corruption
4593| [3700] Microsoft Word 2003 RTF Document Heap-based memory corruption
4594| [42065] Microsoft SharePoint Server 2.0 Rich Text Editor cross site scripting
4595| [41881] Microsoft Office 2003/2007/2007 Sp1/Xp memory corruption
4596| [41880] Microsoft Project 2000/2002/2003 memory corruption
4597| [41879] Microsoft Windows 2000/Server 2003/Vista Stack-based memory corruption
4598| [41878] Microsoft Windows 2000/Server 2003/Vista spoofing
4599| [41877] Microsoft Windows Server 2003 vbscript.dll memory corruption
4600| [3671] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 memory corruption
4601| [3670] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 Object memory corruption
4602| [41455] Microsoft Office 2000/2003/2004/Xp memory corruption
4603| [41454] Microsoft Excel 2000/2002/2003/2007 memory corruption
4604| [41453] Microsoft Excel 2000/2002/2003 memory corruption
4605| [41452] Microsoft Excel 2000/2002/2003/2007 memory corruption
4606| [41451] Microsoft Excel 2000/2002/2003 memory corruption
4607| [41450] Microsoft Excel 2000 memory corruption
4608| [41449] Microsoft Excel 2000/2002/2003 memory corruption
4609| [41448] Microsoft Office 2000/Xp Office Web Components memory corruption
4610| [3648] Microsoft Excel 2003 memory corruption
4611| [3647] Microsoft Outlook up to 2007 mailto URI memory corruption
4612| [41003] Microsoft Office 2000/2003/2004/Xp memory corruption
4613| [41002] Microsoft Office 2000/2003/Xp memory corruption
4614| [41001] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
4615| [41000] Microsoft Works 2005/8.0 memory corruption
4616| [40998] Microsoft Publisher 2000/2002/2003 memory corruption
4617| [40994] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
4618| [40987] Microsoft Windows 2000 denial of service
4619| [40736] Microsoft ActiveX 2.0 ActiveX Control privilege escalation
4620| [3552] Microsoft Excel 2000/2002/2003 File memory corruption
4621| [40242] Microsoft Publisher 2000/2002/2003/2007 Crash denial of service
4622| [40020] Microsoft Office 2007 ZIP Container unknown vulnerability
4623| [39769] Microsoft Windows 2000 cryptgenrandom weak encryption
4624| [39749] Microsoft Windows 2000 msjet40.dll memory corruption
4625| [39655] Microsoft Windows Server 2003 spoofing
4626| [39324] Microsoft Windows Mobile 2005 SMS unknown vulnerability
4627| [3373] Microsoft Word 2000/2002 memory corruption
4628| [38999] Microsoft Windows Server 2003 explorer.exe denial of service
4629| [38899] Microsoft ISA Server 2004 information disclosure
4630| [38728] Microsoft SQL Server 2005 Enterprise Manager sqldmo.dll memory corruption
4631| [38326] Microsoft Windows 2000 attemptwrite memory corruption
4632| [3241] Microsoft Excel 2000/2003/2004/XP SP3 rtWnDesk memory corruption
4633| [3223] Microsoft Windows Server 2003/XP URI privilege escalation
4634| [3212] Microsoft DirectX February 2006 RLE Compression Targa Files Heap-based memory corruption
4635| [37739] Microsoft Excel 2000/2002/2003/2004/2007 memory corruption
4636| [37738] Microsoft Office 2002/2003 memory corruption
4637| [3176] Microsoft Excel 2000/2002/2003/2007 File Attribute memory corruption
4638| [3175] Microsoft Excel 2000/2002/2003/2007 Active Worksheet memory corruption
4639| [3174] Microsoft Excel 2000/2002/2003/2007 Version Information memory corruption
4640| [3172] Microsoft Office Publisher 2007 Pointer memory corruption
4641| [37566] Microsoft Excel 2003 unknown vulnerability
4642| [37526] Microsoft Windows 2000/Server 2003 denial of service
4643| [37248] Microsoft Visio 2002 Packaging memory corruption
4644| [37251] Microsoft Windows 2000 memory corruption
4645| [3119] Microsoft Visio 2002 Object memory corruption
4646| [3118] Microsoft Visio 2002 Data memory corruption
4647| [37093] Microsoft Windows Server 2003 Error Message unknown vulnerability
4648| [37010] Microsoft Office 2000 ActiveX Control ouactrl.ocx memory corruption
4649| [36628] Microsoft Word 2000/2002/2003/2004 winword.exe memory corruption
4650| [36616] Microsoft Works 2004/2005/2006 memory corruption
4651| [36621] Microsoft Exchange Server 2000 Integer denial of service
4652| [36620] Microsoft Exchange Server 2000 Outlook Web Access cross site scripting
4653| [36619] Microsoft Exchange Server 2000/2003/2007 MIME Email memory corruption
4654| [36618] Microsoft Exchange Server 2000 NULL Pointer Dereference denial of service
4655| [36617] Microsoft Excel 2000/2002/2003/2004 memory corruption
4656| [36623] Microsoft BizTalk Server 2004 ActiveX Control capicom.dll memory corruption
4657| [3067] Microsoft Office 2000/2003/2004/2007/Xp Drawing Object memory corruption
4658| [3065] Microsoft Excel 2000/2002/2003/2007 Filter Stack-based memory corruption
4659| [3064] Microsoft Excel 2000/2002/2003/2004/2007 set Font memory corruption
4660| [3063] Microsoft Excel 2000/2002/2003/2007 BIFF Record Stack-based memory corruption
4661| [3012] Microsoft Windows 2000/Server 2003 DNS Service Stack-based memory corruption
4662| [36039] Microsoft Content Management Server 2001 memory corruption
4663| [36052] Microsoft Windows 2000 Heap-based memory corruption
4664| [36051] Microsoft Word 2007 file798-1.doc memory corruption
4665| [36050] Microsoft Word 2007 file789-1.doc memory corruption
4666| [36040] Microsoft Content Management Server 2001 cross site scripting
4667| [3004] Microsoft Windows up to 2003/XP URL Parser memory corruption
4668| [36041] Microsoft .NET Framework 2.0.50727.42 cross site scripting
4669| [36002] Microsoft Windows 2000/XP denial of service
4670| [2990] Microsoft Windows 2000/Vista/XP Animated Cursor Stack-based memory corruption
4671| [36515] Microsoft Windows 2000/Server 2003/XP memory corruption
4672| [35846] Microsoft Windows 2000/Server 2003 Default Configuration information disclosure
4673| [35373] Microsoft Excel 2003 denial of service
4674| [35372] Microsoft Office 2003 denial of service
4675| [35206] Microsoft Windows Server 2003/XP Crash denial of service
4676| [35161] Microsoft ISA Server 2004 unknown vulnerability
4677| [35236] Microsoft Publisher 2007 memory corruption
4678| [2939] Microsoft Word 2000 memory corruption
4679| [34994] Microsoft Windows 2000 OLE Dialog memory corruption
4680| [34993] Microsoft Office 2000/2003/Xp memory corruption
4681| [35001] Microsoft Office 2000/2003/2004/Xp memory corruption
4682| [35000] Microsoft Word 2000/2002/2003 memory corruption
4683| [2933] Microsoft Windows 2000 SP4/Server 2003 SP1/XP SP2 OLE Dialog Stack-based memory corruption
4684| [2894] Microsoft Office 2000/2003/2004/Xp Undefined String Format String
4685| [2884] Microsoft Word 2000/2002/2003 memory corruption
4686| [34321] Microsoft Office 2000/2003/2004/Xp Spreadsheet Heap-based memory corruption
4687| [34320] Microsoft Office 2000/2003/2004/Xp memory corruption
4688| [34319] Microsoft Office 2000/2003/2004/Xp memory corruption
4689| [34318] Microsoft Office 2000/2003/2004/Xp memory corruption
4690| [34322] Microsoft Office 2000/2003/Xp memory corruption
4691| [2811] Microsoft Windows 2000/Server 2003/XP VML Vector Markup Language Integer memory corruption
4692| [2810] Microsoft Outlook 2000/2002/2003 Office Saved Search OSS File memory corruption
4693| [2809] Microsoft Outlook 2000/2002/2003 Header denial of service
4694| [2808] Microsoft Outlook 2000/2002/2003 Meeting VEVENT memory corruption
4695| [2807] Microsoft Excel 2000/2002/2003 XLS File memory corruption
4696| [34126] Microsoft Office 2003 memory corruption
4697| [34122] Microsoft Office Web Components 2000 memory corruption
4698| [2789] Microsoft Windows 2000/XP RPC Request NetrWkstaUserEnum denial of service
4699| [2765] Microsoft Project Server 2003 pdsrequest.asp weak authentication
4700| [33851] Microsoft Word 2000/2002/2003 12122006-djtest.doc memory corruption
4701| [2739] Microsoft Windows 2000 Remote Installation Service Fehlende Authentifizierung
4702| [2738] Microsoft Windows 2000/Server 2003/XP SNMP memory corruption
4703| [2737] Microsoft Windows Server 2003/XP Manifest denial of service
4704| [33766] Microsoft Word 2000/2002/2003 memory corruption
4705| [2718] Microsoft Word 2000/2002/2003 DOC Document memory corruption
4706| [2717] Microsoft Windows 2000 Print Spooler Memory Consumption denial of service
4707| [2689] Microsoft Windows up to 2000 SP4 Active Directory denial of service
4708| [2688] Microsoft Windows 2000/Server 2003/XP Client Service for Netware denial of service
4709| [2687] Microsoft Windows 2000/Server 2003/XP Agent ActiveX ACF File Heap-based memory corruption
4710| [2686] Microsoft Windows 2000/Server 2003/XP Client Service for Netware memory corruption
4711| [2684] Microsoft Windows 2000/XP Workstation Service Stack-based memory corruption
4712| [2659] Microsoft Windows 2000/XP GDI Crash memory corruption
4713| [2655] Microsoft Windows 2000/Server 2003/XP XML Core Services memory corruption
4714| [33067] Microsoft Visual Studio .net 2005 ActiveX Control wmiscriptutils.dll memory corruption
4715| [2610] Microsoft PowerPoint 2003 PPT Document NULL Pointer Dereference denial of service
4716| [32693] Microsoft Word 2004 memory corruption
4717| [32686] Microsoft Office 2000/2001/2003/2004 Integer memory corruption
4718| [32690] Microsoft Office 2000/2003/2004/Xp memory corruption
4719| [32676] Microsoft Office 2000/2001/2003/2004 memory corruption
4720| [32675] Microsoft Office 2000/2003/2004/Xp memory corruption
4721| [32694] Microsoft Windows 2000 memory corruption
4722| [32689] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
4723| [32688] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
4724| [32687] Microsoft Word 2000/2002 memory corruption
4725| [32685] Microsoft Office 2000/2001/2003/2004 memory corruption
4726| [2601] Microsoft Windows Server 2003/XP IPv6 Stack denial of service
4727| [2600] Microsoft Windows Server 2003/XP IPv6 Stack TCP denial of service
4728| [2599] Microsoft Windows Server 2003/XP IPv6 Stack ICMP denial of service
4729| [2598] Microsoft Windows Server 2003/XP Object Packager privilege escalation
4730| [2597] Microsoft Office 2003/Xp Smart-Tag Parser memory corruption
4731| [2596] Microsoft Office 2000/2003/2004/Xp Value Read memory corruption
4732| [2595] Microsoft Office 2000/2001/2003/2004 Diagram Value memory corruption
4733| [2594] Microsoft Office 2000/2001/2003/2004 Document memory corruption
4734| [2593] Microsoft ASP.NET 2.0 cross site scripting
4735| [141652] Microsoft Windows up to Server 2019 Common Log File System Driver information disclosure
4736| [141639] Microsoft SharePoint Foundation 2013 SP1 cross site request forgery
4737| [141637] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
4738| [141636] Microsoft ASP.NET Core 2.1/2.2/3.0 Project Template privilege escalation
4739| [141635] Microsoft .NET Core 2.1/2.2 denial of service
4740| [141633] Microsoft Excel up to 2019 memory corruption
4741| [141631] Microsoft Windows up to Server 2019 SMB Client Driver information disclosure
4742| [141630] Microsoft Windows up to Server 2019 denial of service
4743| [141629] Microsoft Windows up to Server 2019 Update Delivery Optimization privilege escalation
4744| [141627] Microsoft Windows up to Server 2019 GDI information disclosure
4745| [141626] Microsoft Windows up to Server 2019 Win32k memory corruption
4746| [141621] Microsoft Windows up to Server 2019 Kernel information disclosure
4747| [141620] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
4748| [141619] Microsoft Windows up to Server 2019 ALPC privilege escalation
4749| [141618] Microsoft Windows up to Server 2019 hdAudio.sys privilege escalation
4750| [141617] Microsoft Windows up to Server 2019 Store Installer privilege escalation
4751| [141616] Microsoft Windows up to Server 2019 ALPC privilege escalation
4752| [141615] Microsoft Windows up to Server 2019 Winlogon privilege escalation
4753| [141614] Microsoft Windows up to Server 2019 Compatibility Appraiser privilege escalation
4754| [141611] Microsoft Office up to 2019 Security Feature privilege escalation
4755| [141610] Microsoft Excel up to 2019 information disclosure
4756| [141609] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
4757| [141608] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site request forgery
4758| [141607] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 privilege escalation
4759| [141606] Microsoft Windows up to Server 2019 Win32k memory corruption
4760| [141605] Microsoft Windows up to Server 2019 Hyper-V information disclosure
4761| [141604] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
4762| [141603] Microsoft Windows up to Server 2019 GDI information disclosure
4763| [141602] Microsoft Windows up to Server 2019 DirectWrite information disclosure
4764| [141601] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4765| [141600] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4766| [141599] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4767| [141598] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4768| [141597] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4769| [141596] Microsoft Windows up to Server 2019 DirectWrite information disclosure
4770| [141595] Microsoft Windows up to Server 2019 DirectWrite information disclosure
4771| [141594] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4772| [141593] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4773| [141592] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4774| [141591] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4775| [141590] Microsoft Windows up to Server 2019 Text Service Framework command injection
4776| [141589] Microsoft Exchange Server 2016 CU12/2016 CU13/2019 CU1/2019 CU2 denial of service
4777| [141583] Microsoft Lync Server 2013 Conference directory traversal
4778| [141581] Microsoft Windows up to Server 2016 Hyper-V denial of service
4779| [141580] Microsoft Windows up to Server 2019 Transaction Manager information disclosure
4780| [141579] Microsoft Windows up to Server 2016 DirectX information disclosure
4781| [141577] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
4782| [141575] Microsoft Windows up to Server 2019 lnk File privilege escalation
4783| [141564] Microsoft SharePoint Enterprise Server 2010 SP1/2013 SP1/2016/2019 Markup Application Package privilege escalation
4784| [141561] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
4785| [141560] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
4786| [139972] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
4787| [139971] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
4788| [139970] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
4789| [139969] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
4790| [139968] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
4791| [139965] Microsoft Windows up to Server 2019 Kernel information disclosure
4792| [139963] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
4793| [139962] Microsoft Windows up to Server 2019 Remote Desktop Protocol denial of service
4794| [139960] Microsoft Windows up to Server 2019 DHCP Server denial of service
4795| [139958] Microsoft Windows up to Server 2019 DHCP Server denial of service
4796| [139957] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
4797| [139956] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 Session Object information disclosure
4798| [139955] Microsoft Windows up to Server 2019 SyncController.dll privilege escalation
4799| [139949] Microsoft Windows up to Server 2019 XmlLite Runtime XmlLite.dll denial of service
4800| [139946] Microsoft Windows up to Server 2019 Core Shell COM Server Registrar COM Call privilege escalation
4801| [139942] Microsoft Windows up to Server 2019 rpcss.dll memory corruption
4802| [139941] Microsoft Windows up to Server 2019 DirectX memory corruption
4803| [139937] Microsoft Windows up to Server 2019 Azure Active Directory information disclosure
4804| [139936] Microsoft Windows up to Server 2019 SymCrypt information disclosure
4805| [139935] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 NTFS privilege escalation
4806| [139934] Microsoft Windows 7 SP1/Server 2018 R2 SP1/Server 2018 SP2 Win32k memory corruption
4807| [139933] Microsoft Windows up to Server 2019 p2pimsvc privilege escalation
4808| [139932] Microsoft Windows up to Server 2019 Kernel memory corruption
4809| [139931] Microsoft Windows up to Server 2019 File Signature Security Feature CAB File privilege escalation
4810| [139930] Microsoft Windows up to Server 2019 ALPC privilege escalation
4811| [139928] Microsoft Windows up to Server 2019 Kernel memory corruption
4812| [139927] Microsoft Windows up to Server 2019 Graphics Component information disclosure
4813| [139926] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4814| [139925] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4815| [139924] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4816| [139922] Microsoft Windows up to Server 2019 Graphics Component information disclosure
4817| [139921] Microsoft Windows up to Server 2019 Graphics Component information disclosure
4818| [139920] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4819| [139919] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4820| [139918] Microsoft Windows up to Server 2019 Graphics Component information disclosure
4821| [139917] Microsoft Windows up to Server 2019 Graphics Component information disclosure
4822| [139916] Microsoft Windows up to Server 2019 XML Core Services MSXML Parser privilege escalation
4823| [139914] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
4824| [139913] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
4825| [139912] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Hyper-V Network Switch denial of service
4826| [139911] Microsoft Windows up to Server 2019 denial of service
4827| [139910] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
4828| [139909] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
4829| [139908] Microsoft Windows up to Server 2019 Bluetooth weak encryption
4830| [139907] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
4831| [139906] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
4832| [139902] Microsoft Word up to 2019 memory corruption
4833| [139901] Microsoft Outlook up to 2019 memory corruption
4834| [139895] Microsoft Windows up to Server 2019 lnk File privilege escalation
4835| [139894] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
4836| [139893] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
4837| [139892] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
4838| [139891] Microsoft Windows up to Server 2019 Font Library memory corruption
4839| [139890] Microsoft Windows up to Server 2019 Font Library memory corruption
4840| [139889] Microsoft Windows up to Server 2019 Font Library memory corruption
4841| [139888] Microsoft Windows up to Server 2019 Font Library memory corruption
4842| [139887] Microsoft Windows up to Server 2019 Font Library memory corruption
4843| [139886] Microsoft Windows up to Server 2019 Font Library memory corruption
4844| [139880] Microsoft Windows up to Server 2019 Hyper-V memory corruption
4845| [139879] Microsoft Windows up to Server 2019 DHCP Client memory corruption
4846| [139878] Microsoft Windows up to Server 2019 Hyper-V Network Switch memory corruption
4847| [139877] Microsoft Outlook up to 2019 memory corruption
4848| [139876] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
4849| [139875] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
4850| [137590] Microsoft ASP.NET Core 2.1/2.2 Open Redirect
4851| [137589] Microsoft Exchange Server 2013 CU23/2016 CU12/2016 CU13/2019 CU1/2019 CU2 cross site scripting
4852| [137588] Microsoft Exchange Server 2010 SP3/2013 CU23/2016 CU12/2016 CU13 Web Services privilege escalation
4853| [137587] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
4854| [137586] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
4855| [137585] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
4856| [137584] Microsoft Windows up to Server 2019 DirectWrite memory corruption
4857| [137583] Microsoft Windows up to Server 2019 DirectWrite memory corruption
4858| [137581] Microsoft Windows up to Server 2019 DirectWrite memory corruption
4859| [137580] Microsoft Windows up to Server 2019 DirectWrite memory corruption
4860| [137579] Microsoft Windows up to Server 2019 DirectWrite memory corruption
4861| [137578] Microsoft Windows up to Server 2019 DirectWrite memory corruption
4862| [137577] Microsoft Windows up to Server 2019 DirectWrite memory corruption
4863| [137576] Microsoft Windows up to Server 2019 DirectWrite memory corruption
4864| [137575] Microsoft Windows up to Server 2019 DirectWrite memory corruption
4865| [137574] Microsoft Windows up to Server 2019 DirectWrite memory corruption
4866| [137568] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
4867| [137563] Microsoft Windows up to Server 2019 DirectWrite information disclosure
4868| [137562] Microsoft Windows up to Server 2019 Win32k information disclosure
4869| [137561] Microsoft Windows up to Server 2019 GDI information disclosure
4870| [137560] Microsoft Windows up to Server 2019 GDI information disclosure
4871| [137559] Microsoft Windows up to Server 2019 DirectWrite information disclosure
4872| [137555] Microsoft Windows up to Server 2019 Audio Service privilege escalation
4873| [137554] Microsoft Windows up to Server 2019 Audio Service privilege escalation
4874| [137553] Microsoft Windows up to Server 2019 Audio Service privilege escalation
4875| [137549] Microsoft Windows up to Server 2016 DLL privilege escalation
4876| [137544] Microsoft Windows up to Server 2019 Kernel information disclosure
4877| [137543] Microsoft Windows up to Server 2019 Kernel information disclosure
4878| [137542] Microsoft SQL Server 2014 SP2/2016 SP1/2017 privilege escalation
4879| [137541] Microsoft Windows up to Server 2019 memory corruption
4880| [137540] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
4881| [137539] Microsoft Windows up to Server 2016 DirectX memory corruption
4882| [137538] Microsoft Windows Server 1803/Server 1903/Server 2016/Server 2019 ADFS Security Feature privilege escalation
4883| [137537] Microsoft Windows up to Server 2019 Hyper-V denial of service
4884| [137535] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
4885| [137533] Microsoft Windows up to Server 2019 SymCrypt denial of service
4886| [137527] Microsoft Windows up to Server 2019 GDI+ memory corruption
4887| [137512] Microsoft Windows up to Server 2019 DHCP memory corruption
4888| [136414] Microsoft Azure DevOps Server 2019 cross site request forgery
4889| [136349] Microsoft Windows up to Server 2019 Event Viewer eventvwr.msc XML External Entity
4890| [136348] Microsoft Windows up to Server 2019 Task Scheduler privilege escalation
4891| [136347] Microsoft Windows up to Server 2019 AppXSVC privilege escalation
4892| [136345] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
4893| [136344] Microsoft Windows up to Server 2019 GDI information disclosure
4894| [136340] Microsoft Windows up to Server 2019 GDI information disclosure
4895| [136337] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
4896| [136336] Microsoft Windows up to Server 2019 Kernel privilege escalation
4897| [136335] Microsoft Windows up to Server 2019 NTLM Downgrade weak authentication
4898| [136334] Microsoft Windows up to Server 2019 Kernel information disclosure
4899| [136333] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
4900| [136330] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
4901| [136329] Microsoft SharePoint Server 2016/2019 cross site scripting
4902| [136328] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
4903| [136327] Microsoft Lync Server 2010/2013 denial of service
4904| [136326] Microsoft Windows up to Server 2019 Audio Service privilege escalation
4905| [136325] Microsoft Windows up to Server 2019 Audio Service privilege escalation
4906| [136324] Microsoft Windows up to Server 2019 Audio Service privilege escalation
4907| [136323] Microsoft Windows up to Server 2019 denial of service
4908| [136321] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Audio Service privilege escalation
4909| [136320] Microsoft Windows up to Server 2019 Audio Service privilege escalation
4910| [136319] Microsoft Windows up to Server 2019 Security Credentials information disclosure
4911| [136318] Microsoft Windows up to Server 2019 DirectX privilege escalation
4912| [136317] Microsoft Windows up to Server 2019 Win32k memory corruption
4913| [136314] Microsoft Windows up to Server 2019 Win32k memory corruption
4914| [136312] Microsoft Windows up to Server 2019 GDI information disclosure
4915| [136310] Microsoft Windows up to Server 2019 GDI information disclosure
4916| [136308] Microsoft Windows up to Server 2019 Audio Service privilege escalation
4917| [136306] Microsoft Windows up to Server 2019 Storage Service privilege escalation
4918| [136305] Microsoft Windows up to Server 2019 User Profile Service privilege escalation
4919| [136304] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
4920| [136303] Microsoft Windows up to Server 2019 Storage Service privilege escalation
4921| [136301] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4922| [136299] Microsoft Windows up to Server 2019 Local Security Authority Subsystem Service Reboot denial of service
4923| [136296] Microsoft Windows up to Server 2019 Common Log File System Driver memory corruption
4924| [136295] Microsoft Windows up to Server 2019 ALPC privilege escalation
4925| [136293] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4926| [136292] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4927| [136291] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4928| [136290] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4929| [136289] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4930| [136288] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4931| [136287] Microsoft Windows up to Server 2019 Hyper-V denial of service
4932| [136286] Microsoft Windows up to Server 2019 Hyper-V denial of service
4933| [136285] Microsoft Windows up to Server 2019 Hyper-V denial of service
4934| [136284] Microsoft Windows up to Server 2019 Kernel memory corruption
4935| [136276] Microsoft Windows up to Server 2019 Hyper-V memory corruption
4936| [136275] Microsoft Windows 10/10 1607/10 1703/10 1709/Server 2016 Hyper-V memory corruption
4937| [136274] Microsoft Windows up to Server 2019 ActiveX memory corruption
4938| [136273] Microsoft Windows up to Server 2019 Hyper-V memory corruption
4939| [134750] Microsoft ASP.NET Core 2.1/2.2 denial of service
4940| [134745] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
4941| [134744] Microsoft Windows up to Server 2019 GDI information disclosure
4942| [134743] Microsoft SharePoint Server 2013 SP1/2016 cross site scripting
4943| [134742] Microsoft SharePoint Enterprise Server 2016/2019 cross site scripting
4944| [134741] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
4945| [134740] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
4946| [134739] Microsoft SharePoint Foundation 2010 SP2/2013 SP2 cross site scripting
4947| [134738] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
4948| [134737] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
4949| [134736] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
4950| [134735] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
4951| [134734] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
4952| [134733] Microsoft Windows up to Server 2019 Unified Write Filter privilege escalation
4953| [134731] Microsoft Windows up to Server 2019 Symlink privilege escalation
4954| [134729] Microsoft Windows up to Server 2019 Storage Service privilege escalation
4955| [134725] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4956| [134724] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4957| [134723] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4958| [134722] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4959| [134721] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4960| [134720] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4961| [134719] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4962| [134718] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4963| [134717] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4964| [134716] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
4965| [134715] Microsoft Windows up to Server 2019 Win32k memory corruption
| [134714] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134713] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134712] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134710] Microsoft Windows up to Server 2019 GDI information disclosure
| [134709] Microsoft Windows up to Server 2019 Kernel privilege escalation
| [134706] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
| [134701] Microsoft Windows up to Server 2019 Windows Defender Application Control privilege escalation
| [134700] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
| [134699] Microsoft Windows up to Server 2019 NDIS ndis.sys memory corruption
| [134698] Microsoft Windows up to Server 2019 OLE memory corruption
| [134684] Microsoft Windows up to Server 2019 DHCP Server memory corruption
| [134678] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [133236] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133234] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133232] Microsoft Azure DevOps Server 2019 cross site scripting
| [133229] Microsoft Azure DevOps Server 2019 cross site scripting
| [133224] Microsoft Exchange Server 2013 CU22/2016 CU11/2016 CU12/2019/2019 CU1 Outlook Web Access privilege escalation
| [133223] Microsoft Azure DevOps Server 2019 Content Security Policy privilege escalation
| [133222] Microsoft Windows up to Server 2019 Remote Registry Service memory corruption
| [133221] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133220] Microsoft Windows up to Server 2019 GDI Memory information disclosure
| [133219] Microsoft Windows up to Server 2019 Win32k Memory information disclosure
| [133218] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133217] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133216] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
| [133215] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
| [133214] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
| [133213] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
| [133212] Microsoft Windows up to Server 2019 Terminal Services Memory information disclosure
| [133211] Microsoft Windows up to Server 2019 Task Scheduler information disclosure
| [133209] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133206] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
| [133205] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [133204] Microsoft Office/Excel up to 2019 memory corruption
| [133203] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [133202] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [133201] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [133200] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [133199] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
| [133198] Microsoft Exchange Server up to 2019 CU1 Outlook Web Access cross site scripting
| [133197] Microsoft ASP.NET Core 2.2 Request denial of service
| [133196] Microsoft Windows up to Server 2019 Win32k information disclosure
| [133195] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133194] Microsoft Windows up to Server 2019 GDI Memory information disclosure
| [133193] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133192] Microsoft Windows up to Server 2019 OLE Automation privilege escalation
| [133189] Microsoft Windows up to Server 2019 CSRSS memory corruption
| [133188] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133187] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133186] Microsoft Windows up to Server 2019 TCP/IP Stack Fragmented IP Packet information disclosure
| [133185] Microsoft Windows up to Server 2019 Win32k memory corruption
| [133183] Microsoft Windows up to Server 2019 Win32k memory corruption
| [133182] Microsoft Windows up to Server 2019 Win32k memory corruption
| [133181] Microsoft Office/Excel/PowerPoint up to 2019 URL Document Code Execution
| [133180] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133179] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133177] Microsoft Windows up to Server 2019 Device Guard luafv.sys privilege escalation
| [133174] Microsoft Windows up to Server 2019 GDI+ privilege escalation
| [133173] Microsoft Windows up to Server 2019 IOleCvt Interface privilege escalation
| [133166] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133165] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133164] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133163] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133162] Microsoft Windows up to Server 2019 MS XML Code Execution
| [131687] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 3.2/2018 Updated 1.2 cross site scripting
| [131685] Microsoft Windows up to Server 2019 SMB information disclosure
| [131684] Microsoft Visual Studio 2017 Version 15.9 C++ Redistributable Installer privilege escalation
| [131681] Microsoft Windows up to Server 2019 Win32k memory corruption
| [131679] Microsoft Windows up to Server 2019 Kernel information disclosure
| [131675] Microsoft SharePoint 2013 SP1/2016 cross site scripting
| [131674] Microsoft Windows up to Server 2019 Win32k information disclosure
| [131673] Microsoft Windows up to Server 2019 Kernel information disclosure
| [131672] Microsoft Windows up to Server 2019 GDI information disclosure
| [131671] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
| [131668] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
| [131667] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
| [131663] Microsoft Windows up to Server 2019 Print Spooler information disclosure
| [131658] Microsoft Windows up to Server 2019 information disclosure
| [131657] Microsoft Windows up to Server 2019 denial of service
| [131656] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
| [131653] Microsoft Windows up to Server 2019 SMB information disclosure
| [131652] Microsoft Windows up to Server 2019 SMB information disclosure
| [131651] Microsoft Windows up to Server 2019 Kernel information disclosure
| [131650] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V denial of service
| [131649] Microsoft Windows up to Server 2019 Kernel memory corruption
| [131648] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [131644] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [131638] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [131632] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
| [131631] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
| [131630] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
| [131629] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
| [131628] Microsoft Windows up to Server 2019 ActiveX memory corruption
| [131619] Microsoft Windows up to Server 2019 MS XML privilege escalation
| [131334] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
| [131333] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
| [131328] Microsoft Windows up to Server 2016 Kernel information disclosure
| [130832] Microsoft 2013 SP1 spoofing
| [130828] Microsoft Exchange Server 2010 SP3/2013 CU22/2016 CU12/2019 CU1 EWS privilege escalation
| [130826] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
| [130825] Microsoft Office up to 2019 Connectivity Engine memory corruption
| [130824] Microsoft Office up to 2019 Connectivity Engine memory corruption
| [130823] Microsoft Office up to 2019 Connectivity Engine privilege escalation
| [130822] Microsoft Office up to 2019 Connectivity Engine privilege escalation
| [130821] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [130820] Microsoft Windows up to Server 2012 R2 GDI information disclosure
| [130818] Microsoft Windows up to Server 2019 GDI information disclosure
| [130817] Microsoft Windows up to Server 2019 Storage Service privilege escalation
| [130814] Microsoft Windows up to Server 2019 privilege escalation
| [130809] Microsoft Windows up to Server 2019 Defender Firewall Security privilege escalation
| [130808] Microsoft Windows up to Server 2019 information disclosure
| [130807] Microsoft Windows up to Server 2019 Hyper-V information disclosure
| [130806] Microsoft Windows up to Server 2019 SMB privilege escalation
| [130805] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130804] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130803] Microsoft Windows up to Server 2019 SMB privilege escalation
| [130802] Microsoft Windows up to Server 2019 Win32k information disclosure
| [130801] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130800] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130799] Microsoft Windows up to Server 2016 Win32k memory corruption
| [130798] Microsoft Windows up to Server 2019 GDI information disclosure
| [130797] Microsoft Windows up to Server 2019 GDI information disclosure
| [130796] Microsoft Windows up to Server 2019 GDI information disclosure
| [130793] Microsoft Windows up to Server 2019 GDI information disclosure
| [130792] Microsoft Windows up to Server 2019 HID information disclosure
| [130791] Microsoft Windows up to Server 2019 HID information disclosure
| [130790] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130789] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130788] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130787] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130786] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130784] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [130782] Microsoft Windows up to Server 2019 DHCP Server memory corruption
| [130781] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [129847] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 1.2/2018 Update 3.2 information disclosure
| [129846] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
| [129845] Microsoft Skype for Business 2015 CU 8 Request cross site scripting
| [128765] Microsoft Visual Studio 2017 Version 15.9 C++ Construct privilege escalation
| [128764] Microsoft Exchange Server 2010 SP3/2013 CU21/2016 CU10/2016 CU11/2019 PowerShell API information disclosure
| [128761] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128760] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128759] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128758] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128757] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128756] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128755] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128754] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128753] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128752] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128751] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128750] Microsoft Windows up to Server 2019 Runtime privilege escalation
| [128749] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128747] Microsoft ASP.NET Core 2.1 Web Request denial of service
| [128746] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [128745] Microsoft Office up to 2019 Word Macro information disclosure
| [128742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [128741] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [128740] Microsoft SharePoint Enterprise Server 2013 SP1 cross site scripting
| [128739] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128738] Microsoft Windows up to Server 2019 Subsystem for Linux information disclosure
| [128737] Microsoft Windows up to Server 2019 COM Desktop Broker privilege escalation
| [128736] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128735] Microsoft ASP.NET Core 2.1/2.2 Web Request denial of service
| [128733] Microsoft Windows up to Server 2019 Authentication Request privilege escalation
| [128729] Microsoft Visual Studio 2010 SP1/2012 Update 5 vscontent File information disclosure
| [128728] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128727] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128726] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128725] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128718] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [128717] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V memory corruption
| [127925] Microsoft SharePoint Enterprise Server 2016 Web Request cross site scripting
| [127882] Microsoft Dynamics NAV 2016/2017 Web Request cross site scripting
| [127881] Microsoft Windows 10 1809/Server 2019 Object denial of service
| [127880] Microsoft Windows up to Server 2019 Win32k Object memory corruption
| [127828] Microsoft Windows up to Server 2019 Win32k memory corruption
| [127827] Microsoft Windows 10 1809/Server 2019 DirectX information disclosure
| [127826] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Win32k ASLR privilege escalation
| [127825] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 privilege escalation
| [127824] Microsoft Excel up to 2019 Out-of-Bounds memory corruption
| [127823] Microsoft Windows up to Server 2012 R2 Kernel information disclosure
| [127821] Microsoft Windows up to Server 2019 Connected User Experiences and Telemetry Service denial of service
| [127820] Microsoft Windows up to Server 2019 Kernel memory corruption
| [127819] Microsoft Exchange Server 2016 CU10/2016 CU11 Profile Data privilege escalation
| [127817] Microsoft Excel up to 2019 information disclosure
| [127816] Microsoft Windows up to Server 2019 GDI information disclosure
| [127815] Microsoft Windows up to Server 2019 GDI information disclosure
| [127814] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 Search cross site request forgery
| [127812] Microsoft Windows up to Server 2019 Remote Procedure Call information disclosure
| [127806] Microsoft Outlook up to 2019 memory corruption
| [127805] Microsoft Excel up to 2019 memory corruption
| [127804] Microsoft Excel up to 2019 memory corruption
| [127803] Microsoft Windows up to Server 2019 Text-To-Speech memory corruption
| [127801] Microsoft Windows up to Server 2019 DNS Server privilege escalation
| [126938] Microsoft Team Foundation Server 2018 Update 1.1/2018 Update 3 Code Execution
| [126755] Microsoft .NET Core 2.1 privilege escalation
| [126754] Microsoft Skype for Business/Lync Server 2013 SP1/2016 Emoji denial of service
| [126750] Microsoft Windows up to Server 2019 ALPC privilege escalation
| [126749] Microsoft Exchange Server 2010/2013/2016/2019 privilege escalation
| [126747] Microsoft SharePoint Enterprise Server 2013 SP1 Folder information disclosure
| [126746] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [126745] Microsoft Project 2010 SP2/2013 SP1/2016 memory corruption
| [126744] Microsoft Office up to 2019 Word memory corruption
| [126743] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [126742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [126739] Microsoft Windows up to Server 2012 R2 Win32k information disclosure
| [126737] Microsoft Windows up to Server 2012 R2 DirectX information disclosure
| [126736] Microsoft Windows up to Server 2019 Win32k memory corruption
| [126735] Microsoft Windows up to Server 2019 DirectX privilege escalation
| [126733] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DirectX memory corruption
| [126730] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
| [126728] Microsoft Office/SharePoint 2010 SP2 Word memory corruption
| [126727] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [126726] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [126725] Microsoft Windows up to Server 2019 DirectX memory corruption
| [126722] Microsoft Windows up to Server 2019 PowerShell privilege escalation
| [126718] Microsoft Windows up to Server 2016 Search memory corruption
| [126717] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 memory corruption
| [126716] Microsoft Office up to 2019 Excel memory corruption
| [126714] Microsoft Windows up to Server 2019 PowerShell unknown vulnerability
| [126713] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
| [126712] Microsoft Windows up to Server 2016 Graphics Component memory corruption
| [126711] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
| [125123] Microsoft Windows up to Server 2019 Codecs Library information disclosure
| [125122] Microsoft Windows up to Server 2016 TCP/IP information disclosure
| [125121] Microsoft Windows up to Server 2019 DirectX memory corruption
| [125120] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
| [125119] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
| [125116] Microsoft Exchange Server 2013 CU21/2016 CU10 privilege escalation
| [125115] Microsoft Windows up to Server 2019 Theme API privilege escalation
| [125114] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
| [125113] Microsoft Windows up to Server 2019 Kernel memory corruption
| [125111] Microsoft Windows up to Server 2019 Device Guard Code Integrity Policy privilege escalation
| [125110] Microsoft Windows up to Server 2019 DNS Global Blocklist privilege escalation
| [125109] Microsoft Windows up to Server 2019 NTFS privilege escalation
| [125108] Microsoft Windows up to Server 2019 Filter Manager memory corruption
| [125107] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125104] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [125102] Microsoft Office/Word 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
| [125100] Microsoft Office/PowerPoint 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
| [125099] Microsoft Office/Excel up to 2019 Protected View memory corruption
| [125098] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [125097] Microsoft Windows up to Server 2019 DirectX Graphics memory corruption
| [125096] Microsoft Windows up to Server 2019 Win32k memory corruption
| [125095] Microsoft Exchange Server 2013 CU21/2016 CU10 Outlook Web Access cross site scripting
| [125093] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [125092] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [125091] Microsoft Windows up to Server 2019 MS XML privilege escalation
| [124371] Microsoft Exchange Server up to 2010 SP3 Outlook Web Access /owa/auth/logon.aspx Parameter Server-Side Request Forgery
| [124217] Microsoft Windows Server 2012/Server 2016 Active Directory Federation Services /adfs/ls Server-Side Request Forgery
| [123995] Microsoft Lync 2011 on Mac Security Feature Messages Download privilege escalation
| [123881] Microsoft Windows up to Server 2016 Sandbox privilege escalation
| [123874] Microsoft Windows up to Server 2016 Kernel information disclosure
| [123872] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 SMB information disclosure
| [123868] Microsoft Windows up to Server 2016 Hyper-V denial of service
| [123864] Microsoft Windows up to Server 2016 Hyper-V information disclosure
| [123862] Microsoft SharePoint Enterprise Server 2010 SP2/2013 RT SP1/2013 SP1/2016 cross site scripting
| [123861] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [123860] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [123859] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
| [123851] Microsoft Windows up to Server 2016 ALPC privilege escalation
| [123849] Microsoft Windows up to Server 2016 SMB denial of service
| [123846] Microsoft Office 2016 on Win/Mac memory corruption
| [123844] Microsoft Word 2013 RT SP1/2013 SP1/2016 PDF File memory corruption
| [123843] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [123842] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [123830] Microsoft Windows up to Server 2016 Hyper-V memory corruption
| [123828] Microsoft Windows up to Server 2016 Win32k Graphics privilege escalation
| [123827] Microsoft Windows up to Server 2016 Image memory corruption
| [123825] Microsoft Windows up to Server 2016 MSXML Parser privilege escalation
| [123823] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
| [122887] Microsoft Office 2016 on Mac AutoUpdate memory corruption
| [122886] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122885] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122884] Microsoft Windows up to Server 2016 Win32k memory corruption
| [122883] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122875] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [122874] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [122873] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [122871] Microsoft PowerPoint 2010 SP2 memory corruption
| [122870] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [122861] Microsoft Windows up to Server 2016 Microsoft COM for Windows privilege escalation
| [122850] Microsoft Visual Studio 2015 Update 3/2017/2017 Version 15.8 Diagnostic Hub privilege escalation
| [122849] Microsoft Windows up to Server 2016 Diagnostic Hub privilege escalation
| [122848] Microsoft Windows Security Feature 2FA weak authentication
| [122834] Microsoft Windows up to Server 2016 LNK memory corruption
| [122825] Microsoft Windows up to Server 2016 Graphics memory corruption
| [122823] Microsoft SQL Server 2016 SP1/2016 SP2/2017 memory corruption
| [121208] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R Attachment privilege escalation
| [121118] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [121116] Microsoft Windows up to Server 2016 Sandbox privilege escalation
| [121114] Microsoft Access 2013 SP1/2016/2016 C2R memory corruption
| [121111] Microsoft Windows up to Server 2016 Kernel memory corruption
| [121110] Microsoft Windows up to Server 2016 Wordpad privilege escalation
| [121107] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll denial of service
| [121106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
| [121105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [121098] Microsoft Office 2016/2016 C2R memory corruption
| [121092] Microsoft Windows up to Server 2016 FTP Server denial of service
| [121090] Microsoft Visual Studio up to 2017 Version 15.8 Preview privilege escalation
| [119479] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [119477] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
| [119476] Microsoft Publisher 2010 SP2 OLE Object PUB File privilege escalation
| [119475] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Attachment privilege escalation
| [119474] Microsoft Windows up to Server 2016 GDI information disclosure
| [119470] Microsoft Windows up to Server 2016 HTTP HTTP.sys denial of service
| [119468] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119467] Microsoft Windows up to Server 2016 Hypervisor privilege escalation
| [119465] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119464] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119463] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119461] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119460] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119459] Microsoft Windows up to Server 2016 memory corruption
| [119457] Microsoft Windows up to Server 2016 Desktop Bridge privilege escalation
| [119456] Microsoft Windows up to Server 2016 Kernel information disclosure
| [119455] Microsoft Windows up to Server 2016 denial of service
| [119454] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119452] Microsoft Windows up to Server 2016 HIDParser memory corruption
| [119448] Microsoft Windows up to Server 2016 Code Integrity Module denial of service
| [119447] Microsoft Windows up to Server 2016 NTFS privilege escalation
| [119441] Microsoft Windows up to Server 2016 Media Foundation memory corruption
| [119437] Microsoft Windows up to Server 2016 HTTP Protocol Stack Http.sys memory corruption
| [119436] Microsoft Windows up to Server 2016 memory corruption
| [119431] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
| [118120] Microsoft Office 2016 on Mac XML Data Code Execution
| [117561] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1 Web Request cross site scripting
| [117560] Microsoft Exchange Server up to 2016 CU9 Code Execution memory corruption
| [117559] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access Web Request cross site scripting
| [117558] Microsoft Windows up to Server 2016 Code Execution memory corruption
| [117507] Microsoft Infopath 2013 SP1 memory corruption
| [117505] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [117504] Microsoft Office 2010 SP2 information disclosure
| [117503] Microsoft Exchange Server 2013 CU19/2013 CU20/2016 CU8/2016 CU9 Outlook Web Access cross site scripting
| [117502] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
| [117501] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [117500] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access cross site scripting
| [117499] Microsoft Exchange Server up to 2016 CU9 information disclosure
| [117498] Microsoft Office 2016 C2R Security Feature privilege escalation
| [117497] Microsoft SharePoint Enterprise Server 2010/2013 SP1/2016 cross site scripting
| [117480] Microsoft Windows up to Server 2016 COM Serialized privilege escalation
| [117473] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117472] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117471] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117470] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117469] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117468] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117444] Microsoft Windows up to Server 2016 Hyper-V vSMB memory corruption
| [117443] Microsoft Windows up to Server 2016 Hyper-V memory corruption
| [117442] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
| [116132] Microsoft Office 2016 Memory information disclosure
| [116051] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [116050] Microsoft SharePoint Enterprise Server 2010 SP2/2013/2016 cross site scripting
| [116049] Microsoft SharePoint Enterprise Server 2013/2016 privilege escalation
| [116048] Microsoft Windows up to Server 2016 DirectX Graphics Kernel Subsystem memory corruption
| [116047] Microsoft Windows up to Server 2016 OpenType Font Driver atmfd.dll memory corruption
| [116046] Microsoft SharePoint Enterprise Server 2013/2016 Share cross site scripting
| [116045] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [116039] Microsoft Windows up to Server 2016 Remote Desktop Protocol denial of service
| [116031] Microsoft Windows up to Server 2016 Kernel ASLR information disclosure
| [116030] Microsoft Windows up to Server 2016 SNMP Service denial of service
| [116026] Microsoft Windows up to Server 2016 Kernel information disclosure
| [116024] Microsoft Windows up to Server 2016 HTTP.sys denial of service
| [116023] Microsoft Office up to 2016 C2R information disclosure
| [116022] Microsoft Excel 2010 SP2 memory corruption
| [116020] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Active Directory privilege escalation
| [116019] Microsoft Windows up to Server 2016 Kernel information disclosure
| [116018] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [116017] Microsoft Excel up to 2016 C2R memory corruption
| [116016] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Graphics memory corruption
| [116014] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [116013] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1 memory corruption
| [116008] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116007] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116006] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116005] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116004] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116003] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
| [115994] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [115804] Microsoft Windows up to Server 2016 Malware Protection Engine privilege escalation
| [114579] Microsoft Exchange Server up to 2017 CU8 Outlook Web Access information disclosure
| [114574] Microsoft SharePoint Enterprise Server 2016 privilege escalation
| [114573] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114571] Microsoft Exchange Server 2016 CU7/2016 CU8 Outlook Web Access information disclosure
| [114570] Microsoft Exchange Server 2010 SP3/2013 CU18/2013 CU19/2016 CU7/2016 CU8 Outlook Web Access Fake privilege escalation
| [114565] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Kernel information disclosure
| [114564] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [114562] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114560] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114559] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114558] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114557] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114556] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114555] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114554] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114553] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114552] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114551] Microsoft Excel up to 2016 C2R Security Feature privilege escalation
| [114549] Microsoft Access 2010 SP2/2013 SP1/2016 memory corruption
| [114548] Microsoft Windows up to Server 2016 CNG Security Feature cng.sys privilege escalation
| [114547] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114546] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114545] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114544] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114543] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114542] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114541] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114540] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114536] Microsoft Windows up to Server 2016 CredSSP privilege escalation
| [114535] Microsoft Windows up to Server 2016 Hyper-V denial of service
| [114531] Microsoft Windows up to Server 2016 Windows Installer privilege escalation
| [114530] Microsoft Windows up to Server 2016 GDI privilege escalation
| [114529] Microsoft Windows up to Server 2016 GDI privilege escalation
| [114527] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114526] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114525] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114522] Microsoft Windows 10 1607/10 1703/Server 2016 Desktop Bridge privilege escalation
5385| [114521] Microsoft Windows up to Server 2016 Video Control privilege escalation
5386| [114520] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge privilege escalation
5387| [114518] Microsoft Windows up to Server 2016 Remote Assistance information disclosure
5388| [114517] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge VFS privilege escalation
5389| [114516] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
5390| [113835] Microsoft Identity Manager 2016 SP1 cross site scripting
5391| [113264] Microsoft Windows 8.1/RT 8.1/Server 2012 R2 SMBv2/SMBv3 denial of service
5392| [113260] Microsoft Windows up to Server 2016 Kernel memory corruption
5393| [113259] Microsoft Windows 10/Server 1709/Server 2016 NTFS privilege escalation
5394| [113254] Microsoft Windows up to Server 2016 Kernel information disclosure
5395| [113253] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
5396| [113252] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113250] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
| [113249] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113248] Microsoft Windows up to Server 2016 Kernel information disclosure
| [113243] Microsoft Windows 10/Server 2016 MultiPoint Management privilege escalation
| [113242] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
| [113241] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
| [113240] Microsoft Windows 10/Server 1709/Server 2016 AppContainer privilege escalation
| [113237] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [113236] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [113233] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Uninitialized Memory information disclosure
| [113232] Microsoft Excel 2016 memory corruption
| [113230] Microsoft Windows up to Server 2016 Scripting Engine information disclosure
| [113229] Microsoft Windows up to Server 2016 StructuredQuery memory corruption
| [111580] Microsoft Office 2016 on Mac Email Attachment spoofing
| [111571] Microsoft SharePoint Enterprise Server 2013/2016 Access cross site scripting
| [111567] Microsoft Office 2010/2013/2016 memory corruption
| [111564] Microsoft Word 2016 memory corruption
| [111562] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
| [111561] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
| [128730] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [111358] Microsoft Windows up to Server 2016 IPsec denial of service
| [110553] Microsoft Office 2016 C2R information disclosure
| [110552] Microsoft SharePoint Enterprise Server 2016 Web Request privilege escalation
| [110551] Microsoft Excel 2016 C2R memory corruption
| [110550] Microsoft PowerPoint 2013 RT SP1/2013 SP1/2016 information disclosure
| [110549] Microsoft Exchange Server 2016 CU6/2016 CU7 Outlook Web Access privilege escalation
| [110547] Microsoft Windows up to Server 2016 its:// Protocol information disclosure
| [110531] Microsoft Windows 10/Server 2016 Device Guard privilege escalation
| [110522] Microsoft Windows up to Server 2016 RRAS privilege escalation
| [110350] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [110318] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [109391] Microsoft SharePoint Enterprise Server 2016 Project Server cross site request forgery
| [109389] Microsoft Excel 2016 Click-to-Run memory corruption
| [109360] Microsoft Windows up to Server 2016 Windows Search denial of service
| [107759] Microsoft Windows up to Server 2016 SMB denial of service
| [107757] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [107756] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [107753] Microsoft Windows 10/Server 2016 SMB privilege escalation
| [107744] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
| [107741] Microsoft Outlook 2016 Secure Connection Mail information disclosure
| [107740] Microsoft Windows up to Server 2016 Graphics memory corruption
| [107739] Microsoft Windows up to Server 2016 Graphics memory corruption
| [107738] Microsoft Windows up to Server 2016 Search information disclosure
| [107734] Microsoft Windows 10/Server 2016 SMB privilege escalation
| [107732] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Bypass privilege escalation
| [107730] Microsoft Windows up to Server 2016 Search Remote memory corruption
| [107729] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107728] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107727] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107724] Microsoft Windows up to Server 2016 Text Services Framework memory corruption
| [107723] Microsoft Windows up to Server 2016 SMB information disclosure
| [107698] Microsoft Office 2016 memory corruption
| [107593] InFocus Mondopad 2.2.08 Excel Spreadsheet Microsoft Office Document Credentials information disclosure
| [106544] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
| [106531] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [106529] Microsoft PowerPoint 2016 memory corruption
| [106523] Microsoft Windows up to Server 2016 PDF Library memory corruption
| [106518] Microsoft Edge on Win10/Server 2016 memory corruption
| [106516] Microsoft Windows up to Server 2016 PDF Library memory corruption
| [106498] Microsoft Windows up to Server 2016 Shell privilege escalation
| [106496] Microsoft Windows up to Server 2016 Uniscribe information disclosure
| [106495] Microsoft Windows up to Server 2012 R2 Uniscribe memory corruption
| [106492] Microsoft Windows Server 2012/Server 2012 R2/Server 2016 DHCP Service memory corruption
| [106489] Microsoft Windows up to Server 2016 Graphics Win32k win32k!fsc_CalcGrayRow memory corruption
| [106474] Microsoft Office 2016 memory corruption
| [106473] Microsoft SharePoint Server 2013 SP1 cross site scripting
| [106472] Microsoft Windows up to Server 2016 Bluetooth Driver Object BlueBorne spoofing
| [106470] Microsoft Excel 2011 on Mac memory corruption
| [106455] Microsoft Exchange Server 2013/2016 information disclosure
| [106454] Microsoft Windows up to Server 2016 Windows NetBT Session Services race condition memory corruption
| [105048] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
| [105047] Microsoft Edge on Win10/Server 2016 Scripting Engine EntryCall memory corruption
| [105046] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105040] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
| [105038] Microsoft Edge on Win10/Server 2016 Javascript Engine Out-of-Bounds memory corruption
| [105037] Microsoft Edge on Win10/Server 2016 Javascript Engine PreVisitCatch memory corruption
| [105035] Microsoft SharePoint Server 2010 SP2 cross site scripting
| [105033] Microsoft Edge 38.14393.1066.0 on Win10/Server 2016 Use-After-Free information disclosure
| [105029] Microsoft Edge on Win10/Server 2016 Javascript Engine ProcessLinkFailedAsmJsModule memory corruption
| [105027] Microsoft Edge on Win10/Server 2016 _SelectValueInternal information disclosure
| [105024] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105023] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105017] Microsoft Windows up to Server 2016 Error Reporting information disclosure
| [105013] Microsoft Windows 10 1607/10 1703/Server 2016 Hyper-V denial of service
| [105011] Microsoft Windows up to Server 2016 Windows Search memory corruption
| [105010] Microsoft Windows up to Server 2016 Win32k memory corruption
| [105009] Microsoft Windows up to Server 2016 Input Method Editor memory corruption
| [105008] Microsoft SQL Server 2012/2014/2016 Analysis Services information disclosure
| [104990] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [104989] Microsoft Windows up to Server 2016 NetBIOS denial of service
| [104584] Microsoft Outlook up to 2016 C2R Document File privilege escalation
| [104583] Microsoft Outlook up to 2016 C2R Email memory corruption
| [104582] Microsoft Outlook up to 2016 C2R Object memory corruption
| [103468] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 Open Redirect
| [103446] Microsoft Windows up to Server 2016 Search Object privilege escalation
| [103445] Microsoft Windows up to Server 2016 Wordpad privilege escalation
| [103444] Microsoft Windows up to Server 2016 Explorer denial of service
| [103442] Microsoft Windows 10/Server 2016 HoloLens WiFi Packet privilege escalation
| [103441] Microsoft Windows up to Server 2016 Object HTTP.sys information disclosure
| [103431] Microsoft Windows up to Server 2016 PowerShell PSObject Object privilege escalation
| [103429] Microsoft Windows up to Server 2016 Kerberos weak authentication
| [103426] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
| [103425] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
| [103420] Microsoft Windows up to Server 2016 Kerberos Bypass privilege escalation
| [103417] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
| [102544] Microsoft Edge on Win10/Server 2016 Fetch API information disclosure
| [102543] Microsoft Edge on Win10/Server 2016 Javascript XML DOM Object information disclosure
| [102463] Microsoft Project Server 2013 SP1 cross site scripting
| [102460] Microsoft Outlook 2016 on Mac HTML spoofing
| [102448] Microsoft SharePoint Enterprise Server 2016 Reflected cross site scripting
| [102446] Microsoft Office up to 2016 privilege escalation
| [102445] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 privilege escalation
| [102443] Microsoft Office up to 2016 privilege escalation
| [102412] Microsoft Windows up to Server 2016 PDF information disclosure
| [102397] Microsoft Outlook 2010 SP1/2013 SP1/2016 DLL Loader privilege escalation
| [102396] Microsoft Office 2013 SP1/2016 DLL Loader privilege escalation
| [102386] Microsoft Windows up to Server 2012 R2 Uniscribe privilege escalation
| [102385] Microsoft Windows up to Server 2016 Font Library privilege escalation
| [102376] Microsoft Windows up to Server 2016 CAB File privilege escalation
| [102375] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
| [102374] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
| [102373] Microsoft Windows up to Server 2016 Uniscribe Font USP10!MergeLigRecords memory corruption
| [101817] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101816] Microsoft Windows up to Server 2016 Malware Protection Engine setCaller memory corruption
| [101815] Microsoft Windows up to Server 2016 Malware Protection Engine Use-After-Free memory corruption
| [101814] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101813] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [101812] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101811] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101810] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101028] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
| [101020] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [101019] Microsoft Skype for Business 2016 memory corruption
| [101018] Microsoft SharePoint 2010 SP2/2013 SP1/2016 memory corruption
| [101016] Microsoft PowerPoint 2011 on Mac memory corruption
| [101015] Microsoft PowerPoint 2011 on Mac memory corruption
| [101014] Microsoft Office 2010 SP2/2016 memory corruption
| [101013] Microsoft Office 2010 SP2/2016 memory corruption
| [101002] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [101001] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [101000] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [100999] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [100918] Microsoft Windows 8/8.1/10/Server 2012/Server 2016 Malware Protection Service Type Confusion privilege escalation
| [99697] Microsoft SharePoint Server 2010 SP1/2010 SP2 Excel Services cross site scripting
| [99683] Microsoft Windows 10 1607/10 1703/Server 2012 R2/Server 2016 Active Directory Lockout privilege escalation
| [99682] Microsoft Outlook 2011 on Mac HTML Tag Validator spoofing
| [99681] Microsoft Windows up to Server 2016 OLE Integrity-Level Check privilege escalation
| [99667] Microsoft Windows 10/Server 2016 Active Directory Service Unresponsive denial of service
| [98272] Microsoft Windows up to 10/Server 2016 Local Session privilege escalation
| [98096] Microsoft Exchange 2013 SP1 privilege escalation
| [98095] Microsoft Lync for Mac 2011 Certificate Validation weak authentication
| [98094] Microsoft SharePoint Server 2013 SP1 cross site scripting
| [98093] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
| [98091] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
| [98090] Microsoft SharePoint Server 2010 SP2/2013 SP1 information disclosure
| [98089] Microsoft Office Web Apps 2013 SP1 memory corruption
| [98082] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 denial of service
| [98081] Microsoft Excel up to 2016 information disclosure
| [98080] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [98079] Microsoft Word 2016 memory corruption
| [98076] Microsoft Lync/Skype for Business 2010/2013/2016 Graphics Component privilege escalation
| [98075] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
| [98074] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
| [98073] Microsoft Office 2010 SP2/Word Viewer Graphics Component information disclosure
| [98069] Microsoft Windows up to Server 2012 R2 Color Management memory corruption
| [98056] Microsoft Windows up to Server 2016 DNS Query information disclosure
| [98054] Microsoft Windows up to Server 2016 SMBv2/SMBv3 NULL Pointer Dereference memory corruption
| [98017] Microsoft Windows up to Server 2016 PDF memory corruption
| [98015] Microsoft Windows 10/Server 2016 Hyper-V denial of service
| [98013] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
| [98007] Microsoft Windows 10/Server 2016 Hyper-V Network Switch denial of service
| [98006] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
| [96521] Microsoft Windows 8.1/10/Server 2012/Server 2016 SMB Response mrxsmb20.sys denial of service
| [95781] Microsoft PowerPoint 2016 Java Embedded Object privilege escalation
| [95125] Microsoft Word/SharePoint Enterprise Server 2016 Document privilege escalation
| [94451] Microsoft Office 2011 memory corruption
| [94447] Microsoft Office 2010 SP2 memory corruption
| [94446] Microsoft Office 2016 memory corruption
| [94444] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 OLE DLL Loader memory corruption
| [94443] Microsoft Office up to 2016 information disclosure
| [94442] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
| [93964] Microsoft Windows 7 Excel Starter 2010 XXE information disclosure
| [93543] Microsoft SQL Server 2016 FILESTREAM Path privilege escalation
| [93540] Microsoft Excel 2010 SP2/2011/2016 memory corruption
| [93416] Microsoft SQL Server 2014 SP2/2016/up to 2012 SP3 Server Agent atxcore.dll privilege escalation
| [93415] Microsoft SQL Server 2016 MDS API cross site scripting
| [93414] Microsoft SQL Server up to 2012 SP3 RDBMS Engine privilege escalation
| [93413] Microsoft SQL Server 2016/up to 2014 SP2 RDBMS Engine privilege escalation
| [93412] Microsoft SQL Server 2016 RDBMS Engine privilege escalation
| [93393] Microsoft Office up to 2016 memory corruption
| [93392] Microsoft Office up to 2016 memory corruption
| [93391] Microsoft Office up to 2016 memory corruption
| [93389] Microsoft Windows up to Server 2016 Media Foundation memory corruption
| [93388] Microsoft Windows up to Server 2016 Animation Manager Stylesheets memory corruption
| [92587] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 Transaction Manager privilege escalation
| [92584] Microsoft Office up to 2016 memory corruption
| [91571] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
| [91570] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
| [91556] Microsoft Exchange 2016 Meeting Invation cross site scripting
| [91555] Microsoft Exchange 2013/2016 Link spoofing
| [91550] Microsoft Office 2016 memory corruption
| [91547] Microsoft Office 2010 memory corruption
| [91543] Microsoft Office up to 2016 memory corruption
| [91541] Microsoft Office 2013/2016 APP-V ASLR privilege escalation
| [90711] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF privilege escalation
| [90710] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 Netlogon privilege escalation
| [90704] Microsoft Office 2013/2013 RT/2016 memory corruption
| [89043] Microsoft Office up to 2016 memory corruption
| [89041] Microsoft Office up to 2016 memory corruption
| [89040] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 memory corruption
| [89038] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Security Feature privilege escalation
| [89037] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [87961] Microsoft Windows up to Server 2012 R2 Search denial of service
| [87959] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
| [87958] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF memory corruption
| [87957] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
| [87956] Microsoft Exchange 2013/2016 Oracle Outside In Libraries information disclosure
| [87944] Microsoft Windows Server 2012/Server 2012 R2 Virtual PCI Memory information disclosure
| [87940] Microsoft Windows Server 2012/Server 2012 R2 DNS Server Use-After-Free memory corruption
| [87936] Microsoft Office up to 2016 memory corruption
| [87166] Microsoft Windows up to Server 2012 R2 DirectX Graphics Kernel Subsystem privilege escalation
| [87156] Microsoft Windows 8.1/10/RT 8.1/Server 2012 R2 Shell memory corruption
| [87149] Microsoft Office up to 2016 memory corruption
| [87148] Microsoft Office 2010 Graphics memory corruption
| [87146] Microsoft Office 2011/2013/2013 RT/2016 memory corruption
| [82229] Microsoft Excel 2010 SP2 Office Document memory corruption
| [82223] Microsoft Windows 8.1/10/Server 2012 R2 Hyper-V Memory information disclosure
| [82222] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Memory information disclosure
| [82221] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Hyper-V privilege escalation
| [81274] Microsoft Office up to 2016 memory corruption
| [81270] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library memory corruption
| [81269] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
| [81268] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
| [80886] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [80885] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP memory corruption
| [80878] Microsoft Windows Server 2012 R2 Active Directory Federation Service denial of service
| [80874] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP privilege escalation
| [80870] Microsoft Office up to 2016 memory corruption
| [80868] Microsoft Office up to 2016 memory corruption
| [80867] Microsoft Office up to 2016 memory corruption
| [80865] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 DLL Loader memory corruption
| [80860] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Reader memory corruption
| [80859] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
| [80231] Microsoft Excel up to 2016 Office Document memory corruption
| [80229] Microsoft Exchange Server 2013 CU 10/2013 CU 11/2013 SP1/2016 Outlook Web Access cross site scripting
| [80228] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
| [80227] Microsoft Exchange Server 2013 CU 10/2013 SP1/2016 Outlook Web Access cross site scripting
| [80226] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
| [80218] Microsoft Office up to 2016 ASLR privilege escalation
| [80217] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
| [80216] Microsoft Office up to 2016 Office Document memory corruption
| [80206] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
| [128763] Microsoft Exchange Server 2016 CU10/2016 CU11/2019 memory corruption
| [79508] Microsoft Windows up to Server 2012 R2 Library Loader memory corruption
| [79500] Microsoft Office 2010/2011/2016 memory corruption
| [79183] Microsoft Windows up to Server 2012 R2 IPsec denial of service
| [79173] Microsoft Windows up to Server 2012 R2 Graphics information disclosure
| [79117] Microsoft Outlook 2011/2016 on Mac HTML spoofing
| [78375] Microsoft SharePoint Server/SharePoint Foundation 2013 SP1 cross site scripting
| [77645] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
| [77644] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
| [77638] Microsoft Lync Server 2013 cross site scripting
| [77628] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [77612] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access Stack-Based information disclosure
| [77050] Microsoft Office up to 2016 memory corruption
| [77037] Microsoft Windows Server 2012/Server 2012 R2 System Center Operations Manager cross site scripting
| [76461] Microsoft Windows up to Server 2012 R2 Domain-Controller Communication Credentials information disclosure
| [76460] Microsoft Windows 7 SP1/8/Server 2012 RDP Server Service memory corruption
| [76448] Microsoft Windows 8.1/Server 2012 R2 Hyper-V memory corruption
| [75793] Microsoft Exchange Server 2013 CU8 cross site scripting
| [75792] Microsoft Exchange Server 2013 SP1 CU8 cross site request forgery
| [75791] Microsoft Office 2013 SP1 Office Document Uninitialized Memory memory corruption
| [75787] Microsoft Exchange Server 2013 SP1 CU8 Same Origin Policy privilege escalation
| [75786] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
| [66976] Microsoft Access 2010 VBA Datatype denial of service
| [74848] Microsoft SharePoint Foundation/SharePoint Server 2013 SP1 cross site scripting
| [74842] Microsoft Windows 8.1/Server 2012 R2 Hyper-V denial of service
| [74836] Microsoft Project Server 2010 SP2/2013 SP1 cross site scripting
| [74835] Microsoft Office 2011 on Mac Use-After-Free cross site scripting
| [74834] Microsoft Windows Server 2012 R2 Active Directory Federation Services 3.0 privilege escalation
| [74833] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 HTTP Request HTTP.sys privilege escalation
| [74393] Microsoft SharePoint Server 2013 Foundation cross site scripting
| [73967] Microsoft Office up to 2013 SP1 Office File memory corruption
| [73966] Microsoft Office up to 2013 SP1 RTF File memory corruption
| [73965] Microsoft Office up to 2013 SP1 Use-After-Free memory corruption
| [73961] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 Remote Desktop Protocol Object Management denial of service
| [69162] Microsoft System Center Virtual Machine Manager 2012 privilege escalation
| [69160] Microsoft Windows up to Server 2012 Process privilege escalation
| [69156] Microsoft Office 2010 Object memory corruption
| [68593] Microsoft Windows up to Server 2012 Network Location Awareness Service privilege escalation
| [68417] Microsoft Exchange 2013 Outlook Web Access Token spoofing
| [68191] Microsoft SharePoint 2010 cross site scripting
| [67828] Microsoft ASP.NET MVC 2/3/4/5/5.1 System.Web.Mvc.dll cross site scripting
| [67518] Microsoft Lync 2013 denial of service
| [67517] Microsoft Lync 2013 Script Reflected cross site scripting
| [67516] Microsoft Lync 2010/2013 denial of service
| [67362] Microsoft Windows up to Server 2012 R2 Remote Procedure Call privilege escalation
| [67360] Microsoft SharePoint 2013 App Permission Management cross site scripting
| [13549] Microsoft Windows 7/8/8.1/Server 2012 Remote Desktop Protocol weak encryption
| [13547] Microsoft Lync 2010/2013 Meeting cross site scripting
| [13228] Microsoft Office 2013 Document privilege escalation
| [68577] Microsoft ASP.NET 2014.3.1209 Telerik UI RadAsyncUpload directory traversal
| [12267] Microsoft Forefront Security for Exchange Server 2010 Mail memory corruption
| [12263] Microsoft Windows up to Server 2012 Direct2D 2D Geometric Figure memory corruption
| [12238] Microsoft Windows 8/RT/Server 2012 IPv6 denial of service
| [12185] Microsoft .NET Framework 2/4 HMAC weak authentication
| [12183] Microsoft .NET Framework 2/4 DTD denial of service
| [11673] Microsoft Windows Live Movie Maker 2011 WAV File denial of service
| [11468] Microsoft Exchange 2010/2013 cross site scripting
| [11466] Microsoft Office 2013 File Response information disclosure
| [11457] Microsoft SharePoint Server/Office Web Apps 2010 SP1/2010 SP2/2013 W3WP Service Account privilege escalation
| [11150] Microsoft Windows 8/Server 2012 Hyper-V Data Structure Value Crash privilege escalation
| [11004] Microsoft Windows Server 2012 R2 RDP Restricted Admin Mode weak authentication
| [10250] Microsoft SharePoint Server up to 2013 W3WP Process denial of service
| [10249] Microsoft SharePoint 2010/2003/2007/2.0/3.0 Workflow memory corruption
| [10248] Microsoft SharePoint Server up to 2013 cross site scripting
| [9943] Microsoft Windows Server 2012 NAT Driver ICMP Packet denial of service
| [8739] Microsoft Windows Essentials up to 2012 Windows Writer Eingabe information disclosure
| [8725] Microsoft Lync 2010/2013 Use-After-Free memory corruption
| [8722] Microsoft Windows 8/RT/Server 2012 HTTP.sys denial of service
| [8206] Microsoft SharePoint Server 2010 SP1 HTML Sanitization Component cross site scripting
| [8203] Microsoft Windows up to 2012 AD LDAP Query denial of service
| [8200] Microsoft SharePoint Server 2013 ACL information disclosure
| [7971] Microsoft Office for Mac 2011 up to 14.3.1 on Mac HTML5 Mail Message Parser File information disclosure
| [7969] Microsoft OneNote 2010 SP1 ONE File information disclosure
| [7968] Microsoft SharePoint Server 2010 SP1 Input Validator Eingabe Crash denial of service
| [7967] Microsoft SharePoint Server 2010 SP1 User Account Eingabe Crash information disclosure
| [7966] Microsoft SharePoint Server 2010 SP1 Eingabe Crash cross site scripting
| [7965] Microsoft SharePoint Server 2010 SP1 User Account Callback URL privilege escalation
| [7964] Microsoft Visio 2010 Tree Object Type File memory corruption
| [7343] Microsoft Lync 2012 HTTP Format String
| [7258] Microsoft Windows up to 8/Server 2012 SSL/TLS race condition
| [7230] Microsoft Excel 2010 SP1 on 32-bit XLS File Formatting Information Crash denial of service
| [6831] Microsoft Office Picture Manager 2010 File memory corruption
| [62720] EMC NetWorker Module for Microsoft Applications up to 2.2.0 memory corruption
| [6624] Microsoft SQL Server up to 2012 Report Manager cross site scripting
| [62238] Microsoft Visual Studio Team Foundation Server 2010 cross site scripting
| [5946] Microsoft Visio/Visio Viewer up to 2010 SP1 File memory corruption
| [5644] Microsoft SharePoint 2010 scriptesx.ashx cross site scripting
| [5641] Microsoft SharePoint 2010 cross site scripting
| [60943] Microsoft Dynamics AX 2012 Enterprise Portal cross site scripting
| [12311] Microsoft Lync 2010 Search race condition
| [60570] Microsoft Forefront Unified Access Gateway 2010 information disclosure
| [60569] Microsoft Forefront Unified Access Gateway 2010 spoofing
| [60208] Microsoft Visio Viewer 2010 memory corruption
| [60207] Microsoft Visio Viewer 2010 memory corruption
| [60206] Microsoft Visio Viewer 2010 memory corruption
| [4640] Microsoft SharePoint 2010 inplview.aspx cross site scripting
| [4636] Microsoft SharePoint 2010 wizardlist.aspx cross site scripting
| [4635] Microsoft SharePoint 2010 themeweb.aspx cross site scripting
| [59008] Microsoft Forefront Unified Access Gateway 2010 Crash denial of service
| [58995] Microsoft Forefront Unified Access Gateway 2010 memory corruption
| [58994] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
| [58993] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
| [4424] Microsoft Host Integration Server up to 2010 denial of service
| [4420] Microsoft Forefront Unified Access Gateway 2010 memory corruption
| [58487] Microsoft SharePoint Foundation 2010 cross site scripting
| [58486] Microsoft SharePoint Foundation 2010 Reflected cross site scripting
| [58485] Microsoft SharePoint Foundation 2010 EditForm.aspx cross site scripting
| [4414] Microsoft SharePoint 2010 cross site scripting
5757| [4413] Microsoft SharePoint 2010/2007/3.0 XML/XLS unknown vulnerability
5758| [91971] Microsoft Skype 2.2.x/5.2.x/5.3.x denial of service
5759| [57693] Microsoft Forefront Threat Management Gateway 2010 NSPLookupServiceNext memory corruption
5760| [56028] Microsoft Data Access Components 2.8 memory corruption
5761| [55777] Microsoft Windows Movie Maker 2.6 memory corruption
5762| [55424] Microsoft Forefront Unified Access Gateway 2010 Signurl.asp cross site scripting
5763| [55415] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
5764| [55414] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
5765| [55413] Microsoft Forefront Unified Access Gateway 2010 spoofing
5766| [54341] Microsoft Windows Movie Maker 2.1 memory corruption
5767| [54549] Microsoft PowerPoint 2010 pptimpconv.dll memory corruption
5768| [4009] Microsoft NET Framework 2.x/3.x denial of service
5769| [45681] Microsoft Internet Explorer 8 Beta 2 privilege escalation
5770| [45449] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
5771| [45448] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
5772| [45446] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
5773| [2927] Microsoft Data Access Components 2.x ADODB.Connection ActiveX Control memory corruption
5774| [32692] Microsoft XML Core Services up to 2.6 memory corruption
5775| [32691] Microsoft XML Core Services up to 2.6 memory corruption
5776|
5777| MITRE CVE - https://cve.mitre.org:
5778| [CVE-2013-3661] The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
5779| [CVE-2013-3660] The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
5780| [CVE-2013-3174] DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
5781| [CVE-2013-3173] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
5782| [CVE-2013-3172] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system hang) via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
5783| [CVE-2013-3171] The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."
5784| [CVE-2013-3167] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Information Disclosure Vulnerability."
5785| [CVE-2013-3154] The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."
5786| [CVE-2013-3138] Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
5787| [CVE-2013-3136] The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
5788| [CVE-2013-3134] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array Allocation Vulnerability."
5789| [CVE-2013-3133] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability."
5790| [CVE-2013-3132] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability."
5791| [CVE-2013-3131] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability."
5792| [CVE-2013-1345] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
5793| [CVE-2013-1340] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
5794| [CVE-2013-1339] The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."
5795| [CVE-2013-1336] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."
5796| [CVE-2013-1335] Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."
5797| [CVE-2013-1334] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
5798| [CVE-2013-1332] dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
5799| [CVE-2013-1331] Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
5800| [CVE-2013-1329] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."
5801| [CVE-2013-1328] Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."
5802| [CVE-2013-1327] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."
5803| [CVE-2013-1323] Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."
5804| [CVE-2013-1322] Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."
5805| [CVE-2013-1321] Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability."
5806| [CVE-2013-1320] Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."
5807| [CVE-2013-1319] Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."
5808| [CVE-2013-1318] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."
5809| [CVE-2013-1317] Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."
5810| [CVE-2013-1316] Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."
5811| [CVE-2013-1302] Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."
5812| [CVE-2013-1301] Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
5813| [CVE-2013-1300] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
5814| [CVE-2013-1295] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."
5815| [CVE-2013-1294] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
5816| [CVE-2013-1293] The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application that leverages improper handling of objects in memory, aka "NTFS NULL Pointer Dereference Vulnerability."
5817| [CVE-2013-1292] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
5818| [CVE-2013-1291] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
5819| [CVE-2013-1287] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
5820| [CVE-2013-1286] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
5821| [CVE-2013-1285] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
5822| [CVE-2013-1283] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
5823| [CVE-2013-1281] The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability."
5824| [CVE-2013-1280] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
5825| [CVE-2013-1279] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
5826| [CVE-2013-1278] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
5827| [CVE-2013-1277] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5828| [CVE-2013-1276] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5829| [CVE-2013-1275] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5830| [CVE-2013-1274] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5831| [CVE-2013-1273] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5832| [CVE-2013-1272] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5833| [CVE-2013-1271] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5834| [CVE-2013-1270] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5835| [CVE-2013-1269] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5836| [CVE-2013-1268] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5837| [CVE-2013-1267] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5838| [CVE-2013-1266] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5839| [CVE-2013-1265] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5840| [CVE-2013-1264] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5841| [CVE-2013-1263] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5842| [CVE-2013-1262] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5843| [CVE-2013-1261] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5844| [CVE-2013-1260] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5845| [CVE-2013-1259] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5846| [CVE-2013-1258] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5847| [CVE-2013-1257] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5848| [CVE-2013-1256] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5849| [CVE-2013-1255] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5850| [CVE-2013-1254] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5851| [CVE-2013-1253] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5852| [CVE-2013-1252] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5853| [CVE-2013-1251] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5854| [CVE-2013-1250] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5855| [CVE-2013-1249] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5856| [CVE-2013-1248] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
5857| [CVE-2013-0095] Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability."
5858| [CVE-2013-0077] Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
5859| [CVE-2013-0076] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."
5860| [CVE-2013-0075] The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
5861| [CVE-2013-0073] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."
5862| [CVE-2013-0013] The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
5863| [CVE-2013-0011] The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability."
5864| [CVE-2013-0010] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.
5865| [CVE-2013-0009] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
5866| [CVE-2013-0008] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
5867| [CVE-2013-0004] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
5868| [CVE-2013-0003] Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."
5869| [CVE-2013-0002] Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
5870| [CVE-2013-0001] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
5871| [CVE-2012-5672] Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.
5872| [CVE-2012-4791] Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
5873| [CVE-2012-4786] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
5874| [CVE-2012-4776] The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."
5875| [CVE-2012-4774] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."
5876| [CVE-2012-2897] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
5877| [CVE-2012-2556] The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
5878| [CVE-2012-2553] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
5879| [CVE-2012-2552] Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."
5880| [CVE-2012-2551] The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability."
5881| [CVE-2012-2543] Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1
5882| [CVE-2012-2539] Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
5883| [CVE-2012-2536] Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
5884| [CVE-2012-2530] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
5885| [CVE-2012-2529] Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability."
5886| [CVE-2012-2528] Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
5887| [CVE-2012-2527] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
5888| [CVE-2012-2524] Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability."
5889| [CVE-2012-2520] Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
5890| [CVE-2012-2519] Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
5891| [CVE-2012-1896] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."
5892| [CVE-2012-1895] The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
5893| [CVE-2012-1893] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."
5894| [CVE-2012-1890] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."
5895| [CVE-2012-1887] Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."
5896| [CVE-2012-1886] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
5897| [CVE-2012-1885] Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
5898| [CVE-2012-1870] The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."
5899| [CVE-2012-1867] Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
5900| [CVE-2012-1866] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability."
5901| [CVE-2012-1865] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.
5902| [CVE-2012-1864] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.
5903| [CVE-2012-1863] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
5904| [CVE-2012-1862] Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
5905| [CVE-2012-1860] Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
5906| [CVE-2012-1858] The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
5907| [CVE-2012-1856] The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
5908| [CVE-2012-1855] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."
5909| [CVE-2012-1854] Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
5910| [CVE-2012-1851] Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."
5911| [CVE-2012-1850] The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."
5912| [CVE-2012-1848] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
5913| [CVE-2012-1847] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
5914| [CVE-2012-1537] Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
5915| [CVE-2012-1528] Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
5916| [CVE-2012-1527] Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
5917| [CVE-2012-1459] The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
5918| [CVE-2012-1457] The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
5919| [CVE-2012-1453] The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
5920| [CVE-2012-1443] The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
5921| [CVE-2012-1420] The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
5922| [CVE-2012-1194] The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
5923| [CVE-2012-0185] Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
5924| [CVE-2012-0184] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
5925| [CVE-2012-0183] Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
5926| [CVE-2012-0182] Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
5927| [CVE-2012-0181] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
5928| [CVE-2012-0180] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
5929| [CVE-2012-0179] Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."
5930| [CVE-2012-0178] Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability."
| [CVE-2012-0177] Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
| [CVE-2012-0175] The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."
| [CVE-2012-0174] Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
| [CVE-2012-0173] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
| [CVE-2012-0167] Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."
| [CVE-2012-0165] GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
| [CVE-2012-0163] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
| [CVE-2012-0161] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
| [CVE-2012-0160] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
| [CVE-2012-0159] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
| [CVE-2012-0158] The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0157] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
| [CVE-2012-0156] DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
| [CVE-2012-0154] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
| [CVE-2012-0152] The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."
| [CVE-2012-0151] The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
| [CVE-2012-0150] Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
| [CVE-2012-0149] afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2012-0148] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
| [CVE-2012-0143] Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability."
| [CVE-2012-0142] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0141] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0015] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."
| [CVE-2012-0014] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
| [CVE-2012-0013] Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
| [CVE-2012-0009] Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."
| [CVE-2012-0008] Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."
| [CVE-2012-0006] The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."
| [CVE-2012-0005] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
| [CVE-2012-0004] Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
| [CVE-2012-0003] Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
| [CVE-2012-0002] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
| [CVE-2012-0001] The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."
| [CVE-2011-5046] The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
| [CVE-2011-4434] Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
| [CVE-2011-3417] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
| [CVE-2011-3416] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
| [CVE-2011-3415] Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
| [CVE-2011-3414] The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
| [CVE-2011-3413] Microsoft PowerPoint 2007 SP2
| [CVE-2011-3412] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
| [CVE-2011-3411] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
| [CVE-2011-3410] Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability."
| [CVE-2011-3408] Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability."
| [CVE-2011-3406] Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."
| [CVE-2011-3403] Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
| [CVE-2011-3402] Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
| [CVE-2011-3400] Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
| [CVE-2011-3397] The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
| [CVE-2011-3396] Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."
| [CVE-2011-2019] Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
| [CVE-2011-2018] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2011-2016] Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."
| [CVE-2011-2014] The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
| [CVE-2011-2013] Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."
| [CVE-2011-2011] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-2008] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
| [CVE-2011-2007] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."
| [CVE-2011-2005] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2011-2004] Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.
| [CVE-2011-2003] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability."
| [CVE-2011-2002] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."
| [CVE-2011-1991] Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability."
| [CVE-2011-1990] Microsoft Excel 2007 SP2
| [CVE-2011-1989] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1988] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1987] Array index error in Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1986] Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
| [CVE-2011-1985] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1984] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
| [CVE-2011-1983] Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."
| [CVE-2011-1982] Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."
| [CVE-2011-1980] Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
| [CVE-2011-1979] Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
| [CVE-2011-1978] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."
| [CVE-2011-1976] Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
| [CVE-2011-1975] Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
| [CVE-2011-1974] NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
| [CVE-2011-1972] Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
| [CVE-2011-1971] The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."
| [CVE-2011-1970] The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability."
| [CVE-2011-1968] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka "Remote Desktop Protocol Vulnerability."
| [CVE-2011-1967] Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."
| [CVE-2011-1966] The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."
| [CVE-2011-1965] Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
| [CVE-2011-1894] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
| [CVE-2011-1893] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
| [CVE-2011-1892] Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
| [CVE-2011-1888] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1887] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1885] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1884] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1883] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1882] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1881] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1880] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1879] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1878] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1877] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1876] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1875] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1874] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1873] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
6034| [CVE-2011-1872] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
6035| [CVE-2011-1871] Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of Service Vulnerability."
6036| [CVE-2011-1870] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability."
6037| [CVE-2011-1869] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."
6038| [CVE-2011-1868] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
6039| [CVE-2011-1508] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."
6040| [CVE-2011-1284] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutput Vulnerability."
6041| [CVE-2011-1283] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and write operations, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability."
6042| [CVE-2011-1282] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability."
6043| [CVE-2011-1281] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a process, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability."
6044| [CVE-2011-1280] The XML Editor in Microsoft InfoPath 2007 SP2 and 2010
6045| [CVE-2011-1279] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds WriteAV Vulnerability."
6046| [CVE-2011-1278] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel WriteAV Vulnerability."
6047| [CVE-2011-1277] Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
6048| [CVE-2011-1276] Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
6049| [CVE-2011-1275] Microsoft Excel 2002 SP3
6050| [CVE-2011-1274] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
6051| [CVE-2011-1273] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
6052| [CVE-2011-1272] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
6053| [CVE-2011-1270] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."
6054| [CVE-2011-1269] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
6055| [CVE-2011-1268] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."
6056| [CVE-2011-1267] The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability."
6057| [CVE-2011-1264] Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."
6058| [CVE-2011-1263] Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability."
6059| [CVE-2011-1253] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."
6060| [CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
6061| [CVE-2011-1249] The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
6062| [CVE-2011-1248] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."
6063| [CVE-2011-1247] Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."
6064| [CVE-2011-1242] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
6065| [CVE-2011-1241] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
6066| [CVE-2011-1240] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
6067| [CVE-2011-1239] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
6068| [CVE-2011-1238] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
6069| [CVE-2011-1237] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
6070| [CVE-2011-1236] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
6071| [CVE-2011-1235] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
6072| [CVE-2011-1234] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
6073| [CVE-2011-1233] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
6074| [CVE-2011-1232] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
6075| [CVE-2011-1231] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
6076| [CVE-2011-1230] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
6077| [CVE-2011-1229] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
6078| [CVE-2011-1228] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
6079| [CVE-2011-1227] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
6080| [CVE-2011-1226] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
6081| [CVE-2011-1225] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
6082| [CVE-2011-0980] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
6083| [CVE-2011-0979] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
6084| [CVE-2011-0978] Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
6085| [CVE-2011-0977] Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
6086| [CVE-2011-0976] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
6087| [CVE-2011-0677] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
6088| [CVE-2011-0676] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
6089| [CVE-2011-0675] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
6090| [CVE-2011-0674] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
6091| [CVE-2011-0672] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
6092| [CVE-2011-0671] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
6093| [CVE-2011-0670] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
6094| [CVE-2011-0667] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
6095| [CVE-2011-0666] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
6096| [CVE-2011-0665] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
6097| [CVE-2011-0664] Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."
6098| [CVE-2011-0662] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
6099| [CVE-2011-0661] The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."
6100| [CVE-2011-0660] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."
6101| [CVE-2011-0658] Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka "OLE Automation Underflow Vulnerability."
6102| [CVE-2011-0657] DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
6103| [CVE-2011-0656] Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010
6104| [CVE-2011-0655] Microsoft PowerPoint 2007 SP2 and 2010
6105| [CVE-2011-0654] Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
6106| [CVE-2011-0107] Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."
6107| [CVE-2011-0105] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
6108| [CVE-2011-0104] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability."
6109| [CVE-2011-0103] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability."
6110| [CVE-2011-0101] Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, doubly-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability."
6111| [CVE-2011-0098] Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
6112| [CVE-2011-0097] Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
6113| [CVE-2011-0096] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
6114| [CVE-2011-0093] ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
6115| [CVE-2011-0092] The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
6116| [CVE-2011-0091] Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
6117| [CVE-2011-0090] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
6118| [CVE-2011-0089] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability."
6119| [CVE-2011-0088] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability."
6120| [CVE-2011-0087] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability."
6121| [CVE-2011-0086] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."
6122| [CVE-2011-0043] Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."
6123| [CVE-2011-0042] SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."
6124| [CVE-2011-0041] Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."
6125| [CVE-2011-0040] The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."
6126| [CVE-2011-0039] The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
6127| [CVE-2011-0034] Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
6128| [CVE-2011-0033] The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."
6129| [CVE-2011-0032] Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."
6130| [CVE-2011-0031] The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."
6131| [CVE-2011-0030] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.
6132| [CVE-2011-0028] WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."
6133| [CVE-2010-5082] Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
6134| [CVE-2010-4701] Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.
6135| [CVE-2010-4669] The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package.
6136| [CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
6137| [CVE-2010-4398] Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
6138| [CVE-2010-4182] Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown
6139| [CVE-2010-3974] fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."
6140| [CVE-2010-3970] Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
6141| [CVE-2010-3966] Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."
6142| [CVE-2010-3965] Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."
6143| [CVE-2010-3964] Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
6144| [CVE-2010-3963] Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."
6145| [CVE-2010-3961] The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."
6146| [CVE-2010-3960] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."
6147| [CVE-2010-3959] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."
6148| [CVE-2010-3958] The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
6149| [CVE-2010-3957] Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."
6150| [CVE-2010-3956] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."
6151| [CVE-2010-3955] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."
6152| [CVE-2010-3954] Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."
6153| [CVE-2010-3946] Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."
6154| [CVE-2010-3945] Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."
6155| [CVE-2010-3944] win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
6156| [CVE-2010-3943] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."
6157| [CVE-2010-3942] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."
6158| [CVE-2010-3941] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability."
6159| [CVE-2010-3940] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."
6160| [CVE-2010-3939] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."
6161| [CVE-2010-3937] Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
6162| [CVE-2010-3338] The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.
6163| [CVE-2010-3337] Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.
6164| [CVE-2010-3336] Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."
6165| [CVE-2010-3335] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability."
6166| [CVE-2010-3334] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."
6167| [CVE-2010-3333] Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
6168| [CVE-2010-3332] Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
6169| [CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
6170| [CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
6171| [CVE-2010-3242] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."
6172| [CVE-2010-3241] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."
6173| [CVE-2010-3240] Microsoft Excel 2002 SP3 and 2007 SP2
6174| [CVE-2010-3239] Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."
6175| [CVE-2010-3238] Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
6176| [CVE-2010-3237] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."
6177| [CVE-2010-3236] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."
6178| [CVE-2010-3235] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."
6179| [CVE-2010-3234] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."
6180| [CVE-2010-3233] Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."
6181| [CVE-2010-3232] Microsoft Excel 2003 SP3 and 2007 SP2
6182| [CVE-2010-3231] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
6183| [CVE-2010-3230] Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
6184| [CVE-2010-3229] The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."
6185| [CVE-2010-3227] Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."
6186| [CVE-2010-3223] The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."
6187| [CVE-2010-3222] Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability."
6188| [CVE-2010-3221] Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."
6189| [CVE-2010-3220] Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."
6190| [CVE-2010-3219] Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."
6191| [CVE-2010-3218] Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."
6192| [CVE-2010-3217] Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."
6193| [CVE-2010-3216] Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."
6194| [CVE-2010-3215] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."
6195| [CVE-2010-3214] Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010
6196| [CVE-2010-3213] Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
6197| [CVE-2010-3200] MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc.
6198| [CVE-2010-3190] Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1
6199| [CVE-2010-3148] Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
6200| [CVE-2010-3147] Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
6201| [CVE-2010-3146] Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."
6202| [CVE-2010-3144] Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."
6203| [CVE-2010-3142] Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
6204| [CVE-2010-2750] Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."
6205| [CVE-2010-2748] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."
6206| [CVE-2010-2747] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability."
6207| [CVE-2010-2746] Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."
6208| [CVE-2010-2744] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
6209| [CVE-2010-2742] The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability."
6210| [CVE-2010-2741] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability."
6211| [CVE-2010-2740] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability."
6212| [CVE-2010-2739] Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.
6213| [CVE-2010-2738] The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
6214| [CVE-2010-2729] The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."
6215| [CVE-2010-2728] Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."
6216| [CVE-2010-2573] Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."
6217| [CVE-2010-2572] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
6218| [CVE-2010-2571] Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."
6219| [CVE-2010-2570] Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability."
6220| [CVE-2010-2569] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."
6221| [CVE-2010-2568] Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
6222| [CVE-2010-2567] The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."
6223| [CVE-2010-2566] The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
6224| [CVE-2010-2563] The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."
6225| [CVE-2010-2562] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."
6226| [CVE-2010-2555] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."
6227| [CVE-2010-2554] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
6228| [CVE-2010-2552] Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."
6229| [CVE-2010-2551] The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability."
6230| [CVE-2010-2550] The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
6231| [CVE-2010-2549] Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."
6232| [CVE-2010-2265] Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
6233| [CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
6234| [CVE-2010-2084] Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
6235| [CVE-2010-1903] Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."
6236| [CVE-2010-1902] Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
6237| [CVE-2010-1901] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
6238| [CVE-2010-1900] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
6239| [CVE-2010-1898] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
6240| [CVE-2010-1897] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
6241| [CVE-2010-1896] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability."
6242| [CVE-2010-1895] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability."
6243| [CVE-2010-1894] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
6244| [CVE-2010-1893] Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability."
6245| [CVE-2010-1892] The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability."
6246| [CVE-2010-1891] The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."
6247| [CVE-2010-1890] The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."
6248| [CVE-2010-1889] Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."
6249| [CVE-2010-1887] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."
6250| [CVE-2010-1886] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."
6251| [CVE-2010-1885] The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
6252| [CVE-2010-1883] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."
6253| [CVE-2010-1882] Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability."
6254| [CVE-2010-1881] The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."
6255| [CVE-2010-1880] Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
6256| [CVE-2010-1735] The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
6257| [CVE-2010-1734] The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
6258| [CVE-2010-1690] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
6259| [CVE-2010-1689] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
6260| [CVE-2010-1263] Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
6261| [CVE-2010-1257] Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2
6262| [CVE-2010-1255] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."
6263| [CVE-2010-1253] Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2
6264| [CVE-2010-1252] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."
6265| [CVE-2010-1251] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."
6266| [CVE-2010-1250] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability."
6267| [CVE-2010-1249] Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.
6268| [CVE-2010-1248] Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
6269| [CVE-2010-1247] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.
6270| [CVE-2010-1246] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."
6271| [CVE-2010-1245] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.
6272| [CVE-2010-1225] The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
6273| [CVE-2010-1175] Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."
6274| [CVE-2010-0917] Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
6275| [CVE-2010-0824] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.
6276| [CVE-2010-0823] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
6277| [CVE-2010-0822] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."
6278| [CVE-2010-0821] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
6279| [CVE-2010-0820] Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2
6280| [CVE-2010-0819] Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
6281| [CVE-2010-0818] The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability."
6282| [CVE-2010-0817] Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
6283| [CVE-2010-0815] VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."
6284| [CVE-2010-0814] The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
6285| [CVE-2010-0812] Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."
6286| [CVE-2010-0811] Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
6287| [CVE-2010-0810] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
6288| [CVE-2010-0719] An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.
6289| [CVE-2010-0487] The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
6290| [CVE-2010-0486] The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
6291| [CVE-2010-0485] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
6292| [CVE-2010-0484] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."
6293| [CVE-2010-0483] vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
6294| [CVE-2010-0482] The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability."
6295| [CVE-2010-0481] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."
6296| [CVE-2010-0480] Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
6297| [CVE-2010-0479] Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability."
6298| [CVE-2010-0478] Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."
6299| [CVE-2010-0477] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
6300| [CVE-2010-0476] The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."
6301| [CVE-2010-0278] A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
6302| [CVE-2010-0270] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."
6303| [CVE-2010-0269] The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."
6304| [CVE-2010-0268] Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."
6305| [CVE-2010-0266] Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
6306| [CVE-2010-0265] Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
6307| [CVE-2010-0264] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
6308| [CVE-2010-0263] Microsoft Office Excel 2007 SP1 and SP2
6309| [CVE-2010-0262] Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
6310| [CVE-2010-0261] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."
6311| [CVE-2010-0260] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2
6312| [CVE-2010-0258] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
6313| [CVE-2010-0257] Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
6314| [CVE-2010-0256] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
6315| [CVE-2010-0254] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
6316| [CVE-2010-0252] The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
6317| [CVE-2010-0250] Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."
6318| [CVE-2010-0249] Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4
6319| [CVE-2010-0243] Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."
6320| [CVE-2010-0242] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability."
6321| [CVE-2010-0241] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability."
6322| [CVE-2010-0240] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability."
6323| [CVE-2010-0239] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
6324| [CVE-2010-0238] Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."
6325| [CVE-2010-0237] The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."
6326| [CVE-2010-0236] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
6327| [CVE-2010-0235] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."
6328| [CVE-2010-0234] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."
6329| [CVE-2010-0233] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."
6330| [CVE-2010-0232] The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
6331| [CVE-2010-0231] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
6332| [CVE-2010-0035] The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability."
6333| [CVE-2010-0034] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability."
6334| [CVE-2010-0033] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
6335| [CVE-2010-0032] Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
6336| [CVE-2010-0031] Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."
6337| [CVE-2010-0030] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."
6338| [CVE-2010-0029] Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
6339| [CVE-2010-0028] Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
6340| [CVE-2010-0027] The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
6341| [CVE-2010-0026] The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability."
6342| [CVE-2010-0025] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
6343| [CVE-2010-0024] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
6344| [CVE-2010-0023] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability."
6345| [CVE-2010-0022] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
6346| [CVE-2010-0021] Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."
6347| [CVE-2010-0020] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."
6348| [CVE-2010-0018] Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4
6349| [CVE-2010-0017] Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."
6350| [CVE-2010-0016] The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
6351| [CVE-2009-4313] ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
6352| [CVE-2009-4312] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
6353| [CVE-2009-4311] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.
6354| [CVE-2009-4310] Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
6355| [CVE-2009-4309] Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
6356| [CVE-2009-4210] The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
6357| [CVE-2009-3830] The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
6358| [CVE-2009-3678] Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
6359| [CVE-2009-3677] The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."
6360| [CVE-2009-3676] The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
6361| [CVE-2009-3675] LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."
6362| [CVE-2009-3450] Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.
6363| [CVE-2009-3135] Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
6364| [CVE-2009-3134] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
6365| [CVE-2009-3133] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."
6366| [CVE-2009-3132] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
6367| [CVE-2009-3131] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
6368| [CVE-2009-3130] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."
6369| [CVE-2009-3129] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
6370| [CVE-2009-3128] Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
6371| [CVE-2009-3127] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."
6372| [CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
6373| [CVE-2009-3103] Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
6374| [CVE-2009-3020] win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
6375| [CVE-2009-2653] ** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.'
6376| [CVE-2009-2532] Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability."
6377| [CVE-2009-2526] Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."
6378| [CVE-2009-2524] Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (reboot) via a malformed packet, aka "Local Security Authority Subsystem Service Integer Overflow Vulnerability."
6379| [CVE-2009-2523] The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
6380| [CVE-2009-2519] The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."
6381| [CVE-2009-2517] The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
6382| [CVE-2009-2516] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."
6383| [CVE-2009-2515] Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."
6384| [CVE-2009-2514] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."
6385| [CVE-2009-2513] The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
6386| [CVE-2009-2511] Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
6387| [CVE-2009-2510] The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
6388| [CVE-2009-2509] Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability."
6389| [CVE-2009-2508] The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."
6390| [CVE-2009-2507] A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability."
6391| [CVE-2009-2506] Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3
6392| [CVE-2009-2505] The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."
6393| [CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
6394| [CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
6395| [CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
6396| [CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
6397| [CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
6398| [CVE-2009-2498] Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."
6399| [CVE-2009-2497] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
6400| [CVE-2009-2496] Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability."
6401| [CVE-2009-2495] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
6402| [CVE-2009-2494] The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."
6403| [CVE-2009-2493] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1
6404| [CVE-2009-1930] The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
6405| [CVE-2009-1929] Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2
6406| [CVE-2009-1928] Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2
6407| [CVE-2009-1926] Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."
6408| [CVE-2009-1925] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."
6409| [CVE-2009-1924] Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
6410| [CVE-2009-1923] Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."
6411| [CVE-2009-1922] The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."
6412| [CVE-2009-1546] Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
6413| [CVE-2009-1545] Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."
6414| [CVE-2009-1544] Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
6415| [CVE-2009-1542] The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
6416| [CVE-2009-1539] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
6417| [CVE-2009-1538] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
6418| [CVE-2009-1537] Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
6419| [CVE-2009-1536] ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
6420| [CVE-2009-1534] Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."
6421| [CVE-2009-1533] Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
6422| [CVE-2009-1491] McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.
6423| [CVE-2009-1216] Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA)
6424| [CVE-2009-1141] Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."
6425| [CVE-2009-1139] Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
6426| [CVE-2009-1138] The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
6427| [CVE-2009-1137] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227.
6428| [CVE-2009-1136] The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
6429| [CVE-2009-1135] Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."
6430| [CVE-2009-1134] Excel in 2007 Microsoft Office System SP1 and SP2
6431| [CVE-2009-1133] Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
6432| [CVE-2009-1132] Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability."
6433| [CVE-2009-1131] Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability."
6434| [CVE-2009-1130] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability."
6435| [CVE-2009-1129] Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128.
6436| [CVE-2009-1128] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129.
6437| [CVE-2009-1127] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
6438| [CVE-2009-1126] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."
6439| [CVE-2009-1125] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
6440| [CVE-2009-1124] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."
6441| [CVE-2009-1123] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
6442| [CVE-2009-1122] The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
6443| [CVE-2009-1043] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
6444| [CVE-2009-1011] Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
6445| [CVE-2009-0901] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1
6446| [CVE-2009-0568] The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
6447| [CVE-2009-0566] Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability."
6448| [CVE-2009-0565] Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2
6449| [CVE-2009-0563] Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
6450| [CVE-2009-0562] The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability."
6451| [CVE-2009-0561] Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
6452| [CVE-2009-0560] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
6453| [CVE-2009-0559] Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
6454| [CVE-2009-0558] Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
6455| [CVE-2009-0557] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
6456| [CVE-2009-0556] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
6457| [CVE-2009-0554] Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
6458| [CVE-2009-0553] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
6459| [CVE-2009-0552] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
6460| [CVE-2009-0551] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
6461| [CVE-2009-0550] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008
6462| [CVE-2009-0549] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
6463| [CVE-2009-0320] Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
6464| [CVE-2009-0239] Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
6465| [CVE-2009-0238] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
6466| [CVE-2009-0235] Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability."
6467| [CVE-2009-0234] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."
6468| [CVE-2009-0233] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."
6469| [CVE-2009-0232] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."
6470| [CVE-2009-0231] The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
6471| [CVE-2009-0230] The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
6472| [CVE-2009-0229] The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
6473| [CVE-2009-0228] Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
6474| [CVE-2009-0227] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.
6475| [CVE-2009-0226] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137.
6476| [CVE-2009-0225] Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability."
6477| [CVE-2009-0224] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
6478| [CVE-2009-0223] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
6479| [CVE-2009-0222] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
6480| [CVE-2009-0221] Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability."
6481| [CVE-2009-0220] Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an integer that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."
6482| [CVE-2009-0202] Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow.
6483| [CVE-2009-0102] Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
6484| [CVE-2009-0100] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
6485| [CVE-2009-0099] The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
6486| [CVE-2009-0098] Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."
6487| [CVE-2009-0097] Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."
6488| [CVE-2009-0096] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
6489| [CVE-2009-0095] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
6490| [CVE-2009-0094] The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
6491| [CVE-2009-0093] Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
6492| [CVE-2009-0091] Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
6493| [CVE-2009-0090] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
6494| [CVE-2009-0089] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
6495| [CVE-2009-0088] The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
6496| [CVE-2009-0087] Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2
6497| [CVE-2009-0086] Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
6498| [CVE-2009-0085] The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
6499| [CVE-2009-0083] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."
6500| [CVE-2009-0082] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."
6501| [CVE-2009-0081] The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."
6502| [CVE-2009-0079] The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."
6503| [CVE-2009-0078] The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."
6504| [CVE-2008-7217] Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories.
6505| [CVE-2008-6819] win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.
6506| [CVE-2008-6219] nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.
6507| [CVE-2008-6063] Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.
6508| [CVE-2008-5912] An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
6509| [CVE-2008-5823] An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property.
6510| [CVE-2008-5416] Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier
6511| [CVE-2008-5232] Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown
6512| [CVE-2008-5112] The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
6513| [CVE-2008-5100] The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
6514| [CVE-2008-5044] Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.
6515| [CVE-2008-4844] Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
6516| [CVE-2008-4841] The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
6517| [CVE-2008-4837] Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
6518| [CVE-2008-4835] SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
6519| [CVE-2008-4834] Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
6520| [CVE-2008-4493] Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
6521| [CVE-2008-4295] Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
6522| [CVE-2008-4269] The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."
6523| [CVE-2008-4268] The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."
6524| [CVE-2008-4266] Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3
6525| [CVE-2008-4265] Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."
6526| [CVE-2008-4264] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
6527| [CVE-2008-4261] Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
6528| [CVE-2008-4256] The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
6529| [CVE-2008-4255] Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
6530| [CVE-2008-4253] The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
6531| [CVE-2008-4250] The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
6532| [CVE-2008-4114] srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
6533| [CVE-2008-4110] Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
6534| [CVE-2008-4038] Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
6535| [CVE-2008-4037] Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
6536| [CVE-2008-4036] Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."
6537| [CVE-2008-4032] Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."
6538| [CVE-2008-4031] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
6539| [CVE-2008-4030] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
6540| [CVE-2008-4028] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
6541| [CVE-2008-4027] Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
6542| [CVE-2008-4026] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
6543| [CVE-2008-4025] Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
6544| [CVE-2008-4024] Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability."
6545| [CVE-2008-4023] Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
6546| [CVE-2008-4019] Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
6547| [CVE-2008-3956] orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.
6548| [CVE-2008-3704] Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
6549| [CVE-2008-3648] nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
6550| [CVE-2008-3636] Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
6551| [CVE-2008-3479] Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
6552| [CVE-2008-3477] Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
6553| [CVE-2008-3471] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
6554| [CVE-2008-3466] Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
6555| [CVE-2008-3465] Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."
6556| [CVE-2008-3464] afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
6557| [CVE-2008-3460] WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
6558| [CVE-2008-3068] Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
6559| [CVE-2008-3021] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
6560| [CVE-2008-3020] Microsoft Office 2000 SP3 and XP SP3
6561| [CVE-2008-3019] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
6562| [CVE-2008-3018] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
6563| [CVE-2008-3015] Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
| [CVE-2008-3014] Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
| [CVE-2008-3013] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
| [CVE-2008-3012] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
| [CVE-2008-3009] Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
| [CVE-2008-3007] Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."
| [CVE-2008-3006] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
| [CVE-2008-3005] Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
| [CVE-2008-3004] Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3
| [CVE-2008-3003] Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
| [CVE-2008-2752] Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.
| [CVE-2008-2540] Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
| [CVE-2008-2463] The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
| [CVE-2008-2252] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
| [CVE-2008-2251] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.
| [CVE-2008-2250] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."
| [CVE-2008-2249] Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
| [CVE-2008-2246] Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
| [CVE-2008-2245] Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
| [CVE-2008-2244] Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
| [CVE-2008-1898] A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
| [CVE-2008-1888] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
| [CVE-2008-1547] Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
| [CVE-2008-1457] The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
| [CVE-2008-1456] Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
| [CVE-2008-1455] A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1
| [CVE-2008-1454] Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
| [CVE-2008-1451] The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
| [CVE-2008-1446] Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
| [CVE-2008-1445] Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
| [CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
| [CVE-2008-1441] Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
| [CVE-2008-1440] Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
| [CVE-2008-1436] Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
| [CVE-2008-1435] Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
| [CVE-2008-1434] Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
| [CVE-2008-1092] Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
| [CVE-2008-1091] Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
| [CVE-2008-1090] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
| [CVE-2008-1089] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
| [CVE-2008-1088] Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
| [CVE-2008-1087] Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
| [CVE-2008-1086] The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
| [CVE-2008-1084] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
| [CVE-2008-1083] Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
| [CVE-2008-0121] A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
| [CVE-2008-0120] Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."
| [CVE-2008-0119] Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
| [CVE-2008-0118] Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
| [CVE-2008-0117] Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
| [CVE-2008-0116] Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."
| [CVE-2008-0115] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
| [CVE-2008-0114] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
| [CVE-2008-0113] Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."
| [CVE-2008-0112] Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
| [CVE-2008-0111] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."
| [CVE-2008-0110] Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
| [CVE-2008-0109] Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
| [CVE-2008-0108] Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
| [CVE-2008-0106] Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
| [CVE-2008-0105] Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
| [CVE-2008-0104] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
| [CVE-2008-0103] Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
| [CVE-2008-0102] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
| [CVE-2008-0088] Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
| [CVE-2008-0087] The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
| [CVE-2008-0086] Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
| [CVE-2008-0083] The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
| [CVE-2008-0081] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
| [CVE-2008-0080] Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
| [CVE-2008-0020] Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.
| [CVE-2008-0015] Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
| [CVE-2008-0011] Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
| [CVE-2007-6753] Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.
| [CVE-2007-6357] Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.
| [CVE-2007-6329] Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
| [CVE-2007-6043] The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
| [CVE-2007-6026] Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
| [CVE-2007-5587] Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
| [CVE-2007-5352] Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
| [CVE-2007-5348] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
| [CVE-2007-4991] The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.
| [CVE-2007-4916] Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
| [CVE-2007-4814] Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
| [CVE-2007-3930] Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
| [CVE-2007-3924] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape
| [CVE-2007-3899] Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."
| [CVE-2007-3898] The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
| [CVE-2007-3896] The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
| [CVE-2007-3890] Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
| [CVE-2007-3670] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
| [CVE-2007-3490] Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.
| [CVE-2007-3300] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.
| [CVE-2007-3040] Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.
| [CVE-2007-3039] Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
| [CVE-2007-3036] Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
| [CVE-2007-3034] Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
| [CVE-2007-3030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".
| [CVE-2007-3029] Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
| [CVE-2007-3028] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
| [CVE-2007-2999] Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
6664| [CVE-2007-2967] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
6665| [CVE-2007-2966] Buffer overflow in the LHA decompresion component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.
6666| [CVE-2007-2903] Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
6667| [CVE-2007-2593] The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
6668| [CVE-2007-2581] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.
6669| [CVE-2007-2374] Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
6670| [CVE-2007-2228] rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
6671| [CVE-2007-2224] Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.
6672| [CVE-2007-2221] Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
6673| [CVE-2007-2219] Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
6674| [CVE-2007-2218] Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
6675| [CVE-2007-2217] Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
6676| [CVE-2007-1911] Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.
6677| [CVE-2007-1910] Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.
6678| [CVE-2007-1765] Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038
6679| [CVE-2007-1756] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".
6680| [CVE-2007-1754] PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".
6681| [CVE-2007-1748] Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
6682| [CVE-2007-1747] Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.
6683| [CVE-2007-1645] Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
6684| [CVE-2007-1537] \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.
6685| [CVE-2007-1512] Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.
6686| [CVE-2007-1347] Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
6687| [CVE-2007-1239] Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.
6688| [CVE-2007-1238] Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.
6689| [CVE-2007-1215] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
6690| [CVE-2007-1214] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
6691| [CVE-2007-1213] The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
6692| [CVE-2007-1212] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
6693| [CVE-2007-1211] Unspecified kernel GDI functions in Microsoft Windows 2000 SP4
6694| [CVE-2007-1205] Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
6695| [CVE-2007-1203] Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
6696| [CVE-2007-1202] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."
6697| [CVE-2007-1201] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
6698| [CVE-2007-1117] Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
6699| [CVE-2007-1090] Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.
6700| [CVE-2007-1083] Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
6701| [CVE-2007-0948] Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
6702| [CVE-2007-0947] Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
6703| [CVE-2007-0946] Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
6704| [CVE-2007-0945] Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4
6705| [CVE-2007-0944] Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
6706| [CVE-2007-0942] Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
6707| [CVE-2007-0940] Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
6708| [CVE-2007-0939] Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
6709| [CVE-2007-0938] Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
6710| [CVE-2007-0936] Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
6711| [CVE-2007-0934] Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
6712| [CVE-2007-0913] Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
6713| [CVE-2007-0870] Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.
6714| [CVE-2007-0843] The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
6715| [CVE-2007-0811] Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
6716| [CVE-2007-0671] Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
6717| [CVE-2007-0612] Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll
6718| [CVE-2007-0515] Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.
6719| [CVE-2007-0351] Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.
6720| [CVE-2007-0221] Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."
6721| [CVE-2007-0220] Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
6722| [CVE-2007-0216] wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
6723| [CVE-2007-0215] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.
6724| [CVE-2007-0214] The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
6725| [CVE-2007-0213] Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
6726| [CVE-2007-0211] The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
6727| [CVE-2007-0209] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.
6728| [CVE-2007-0208] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.
6729| [CVE-2007-0069] Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
6730| [CVE-2007-0066] The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
6731| [CVE-2007-0065] Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
6732| [CVE-2007-0064] Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
6733| [CVE-2007-0043] The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
6734| [CVE-2007-0042] Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
6735| [CVE-2007-0041] The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
6736| [CVE-2007-0040] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
6737| [CVE-2007-0039] The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
6738| [CVE-2007-0038] Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765
6739| [CVE-2007-0035] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
6740| [CVE-2007-0034] Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."
6741| [CVE-2007-0033] Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
6742| [CVE-2007-0031] Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.
6743| [CVE-2007-0030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.
6744| [CVE-2007-0029] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."
6745| [CVE-2007-0028] Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.
6746| [CVE-2007-0027] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
6747| [CVE-2007-0026] The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
6748| [CVE-2007-0025] The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
6749| [CVE-2007-0024] Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
6750| [CVE-2006-7210] Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
6751| [CVE-2006-7192] Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
6752| [CVE-2006-7027] Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.
6753| [CVE-2006-6723] The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.
6754| [CVE-2006-6696] Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
6755| [CVE-2006-6617] projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
6756| [CVE-2006-6561] Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.
6757| [CVE-2006-6456] Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.
6758| [CVE-2006-6296] The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
6759| [CVE-2006-6134] Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
6760| [CVE-2006-6133] Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
6761| [CVE-2006-5994] Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.
6762| [CVE-2006-5758] The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
6763| [CVE-2006-5586] The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
6764| [CVE-2006-5585] The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
6765| [CVE-2006-5584] The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
6766| [CVE-2006-5583] Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
6767| [CVE-2006-5574] Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.
6768| [CVE-2006-5296] PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.
6769| [CVE-2006-4854] ** REJECT ** Unspecified vulnerability in Microsoft Office 2000 (Chinese Edition) and Microsoft PowerPoint 2000 (Chinese Edition) allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as Trojan.PPDropper.E. NOTE: on 20060919, Microsoft notified CVE that this is a duplicate of CVE-2006-0009.
6770| [CVE-2006-4704] Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
6771| [CVE-2006-4702] Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
6772| [CVE-2006-4696] Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
6773| [CVE-2006-4695] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
6774| [CVE-2006-4694] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
6775| [CVE-2006-4693] Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.
6776| [CVE-2006-4692] Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
6777| [CVE-2006-4691] Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
6778| [CVE-2006-4689] Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
6779| [CVE-2006-4688] Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
6780| [CVE-2006-4534] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.
6781| [CVE-2006-4495] Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
6782| [CVE-2006-4274] ** REJECT ** Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as TROJ_MDROPPER.BH. NOTE: on 20060822, it was determined that TROJ_MDROPPER.BH was exploiting CVE-2006-0009, so this is not a new vulnerability.
6783| [CVE-2006-4219] The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
6784| [CVE-2006-4183] Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.
6785| [CVE-2006-4071] Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
6786| [CVE-2006-3992] Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption.
6787| [CVE-2006-3942] The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research
6788| [CVE-2006-3897] Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
6789| [CVE-2006-3880] ** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."
6790| [CVE-2006-3877] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
6791| [CVE-2006-3876] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
6792| [CVE-2006-3875] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867.
6793| [CVE-2006-3873] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
6794| [CVE-2006-3869] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
6795| [CVE-2006-3868] Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.
6796| [CVE-2006-3867] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875.
6797| [CVE-2006-3864] Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
6798| [CVE-2006-3841] Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.
6799| [CVE-2006-3660] Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different.
6800| [CVE-2006-3656] Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
6801| [CVE-2006-3655] Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
6802| [CVE-2006-3652] Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties.
6803| [CVE-2006-3651] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.
6804| [CVE-2006-3650] Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.
6805| [CVE-2006-3649] Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
6806| [CVE-2006-3648] Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."
6807| [CVE-2006-3647] Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.
6808| [CVE-2006-3643] Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
6809| [CVE-2006-3590] mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.
6810| [CVE-2006-3510] The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
6811| [CVE-2006-3493] Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
6812| [CVE-2006-3449] Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
6813| [CVE-2006-3448] Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.
6814| [CVE-2006-3445] Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.
6815| [CVE-2006-3444] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
6816| [CVE-2006-3443] Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
6817| [CVE-2006-3441] Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
6818| [CVE-2006-3440] Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
6819| [CVE-2006-3439] Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
6820| [CVE-2006-3436] Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
6821| [CVE-2006-3435] PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
6822| [CVE-2006-3434] Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.
6823| [CVE-2006-3431] Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.
6824| [CVE-2006-3059] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
6825| [CVE-2006-2492] Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
6826| [CVE-2006-2389] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.
6827| [CVE-2006-2388] Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.
6828| [CVE-2006-2387] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875.
6829| [CVE-2006-2380] Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
6830| [CVE-2006-2379] Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
6831| [CVE-2006-2378] Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
6832| [CVE-2006-2374] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
6833| [CVE-2006-2373] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
6834| [CVE-2006-2372] Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
6835| [CVE-2006-2371] Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
6836| [CVE-2006-2370] Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
6837| [CVE-2006-2334] The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
6838| [CVE-2006-2094] Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
6839| [CVE-2006-2055] Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
6840| [CVE-2006-1654] Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
6841| [CVE-2006-1651] ** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol."
6842| [CVE-2006-1540] MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll
6843| [CVE-2006-1316] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389.
6844| [CVE-2006-1315] The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
6845| [CVE-2006-1314] Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.
6846| [CVE-2006-1313] Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
6847| [CVE-2006-1311] The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1
6848| [CVE-2006-1309] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.
6849| [CVE-2006-1308] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.
6850| [CVE-2006-1306] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."
6851| [CVE-2006-1305] Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.
6852| [CVE-2006-1304] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
6853| [CVE-2006-1302] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."
6854| [CVE-2006-1301] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.
6855| [CVE-2006-1300] Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
6856| [CVE-2006-1257] The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.
6857| [CVE-2006-1193] Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
6858| [CVE-2006-1184] Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
| [CVE-2006-0988] The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
| [CVE-2006-0935] Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.
| [CVE-2006-0187] By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.
| [CVE-2006-0034] Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.
| [CVE-2006-0033] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.
| [CVE-2006-0032] Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
| [CVE-2006-0031] Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.
| [CVE-2006-0030] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.
| [CVE-2006-0029] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
| [CVE-2006-0028] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.
| [CVE-2006-0023] Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.
| [CVE-2006-0022] Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
| [CVE-2006-0021] Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
| [CVE-2006-0020] An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
| [CVE-2006-0015] Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
| [CVE-2006-0013] Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
| [CVE-2006-0012] Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
| [CVE-2006-0010] Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
| [CVE-2006-0009] Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
| [CVE-2006-0008] The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.
| [CVE-2006-0007] Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.
| [CVE-2006-0006] Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
| [CVE-2006-0004] Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
| [CVE-2006-0002] Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
| [CVE-2006-0001] Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
| [CVE-2005-4717] Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
| [CVE-2005-4269] mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
| [CVE-2005-4131] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.
| [CVE-2005-3981] ** DISPUTED ** NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.
| [CVE-2005-3945] The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.
| [CVE-2005-3644] PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
| [CVE-2005-3177] CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed.
| [CVE-2005-3176] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.
| [CVE-2005-3175] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.
| [CVE-2005-3174] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
| [CVE-2005-3173] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
| [CVE-2005-3172] The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks.
| [CVE-2005-3171] Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings.
| [CVE-2005-3170] The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.
| [CVE-2005-3169] Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection.
| [CVE-2005-3168] The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template.
| [CVE-2005-2122] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.
| [CVE-2005-2120] Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
| [CVE-2005-2118] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
| [CVE-2005-2117] Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
| [CVE-2005-1985] The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
| [CVE-2005-1984] Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.
| [CVE-2005-1983] Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
| [CVE-2005-1982] Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
| [CVE-2005-1981] Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
| [CVE-2005-1907] The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic.
| [CVE-2005-1683] Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.
| [CVE-2005-1218] The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
| [CVE-2005-1216] Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.
| [CVE-2005-1215] Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.
| [CVE-2005-1208] Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
| [CVE-2005-1207] Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.
| [CVE-2005-1206] Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
| [CVE-2005-1205] The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
| [CVE-2005-1052] Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.
| [CVE-2005-0921] Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy.
| [CVE-2005-0820] Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
| [CVE-2005-0738] Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.
| [CVE-2005-0564] Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
| [CVE-2005-0558] Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.
| [CVE-2005-0551] Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
| [CVE-2005-0550] Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
| [CVE-2005-0545] Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.
| [CVE-2005-0063] The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
| [CVE-2005-0061] The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
| [CVE-2005-0060] Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.
| [CVE-2005-0059] Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
| [CVE-2005-0058] Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.
| [CVE-2005-0048] Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
| [CVE-2004-2527] The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
| [CVE-2004-2482] Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.
| [CVE-2004-2365] Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.
| [CVE-2004-2339] ** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed.
| [CVE-2004-1080] The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
| [CVE-2004-0963] Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.
| [CVE-2004-0897] The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
| [CVE-2004-0892] Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
| [CVE-2004-0846] Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
| [CVE-2004-0840] The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
| [CVE-2004-0728] The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
| [CVE-2004-0726] The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.
| [CVE-2004-0575] Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
| [CVE-2004-0574] The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
| [CVE-2004-0573] Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
| [CVE-2004-0540] Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
| [CVE-2004-0503] Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502.
| [CVE-2004-0379] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts.
| [CVE-2004-0284] Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
| [CVE-2004-0214] Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
| [CVE-2004-0211] The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
| [CVE-2004-0210] The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
| [CVE-2004-0209] Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
| [CVE-2004-0208] The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
| [CVE-2004-0207] "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.
| [CVE-2004-0206] Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
| [CVE-2004-0204] Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
| [CVE-2004-0202] IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
| [CVE-2004-0201] Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
| [CVE-2004-0199] Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
| [CVE-2004-0124] The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
| [CVE-2004-0121] Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
| [CVE-2004-0120] The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
| [CVE-2004-0116] An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
| [CVE-2003-1378] Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
| [CVE-2003-1106] The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.
| [CVE-2003-0908] The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
| [CVE-2003-0906] Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
| [CVE-2003-0904] Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
| [CVE-2003-0839] Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
| [CVE-2003-0825] The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
| [CVE-2003-0824] Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
| [CVE-2003-0822] Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
| [CVE-2003-0821] Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
| [CVE-2003-0820] Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
6978| [CVE-2003-0819] Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
6979| [CVE-2003-0818] Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
6980| [CVE-2003-0807] Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
6981| [CVE-2003-0806] Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
6982| [CVE-2003-0719] Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
6983| [CVE-2003-0665] Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
6984| [CVE-2003-0664] Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
6985| [CVE-2003-0662] Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
6986| [CVE-2003-0660] The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval.
6987| [CVE-2003-0533] Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
6988| [CVE-2003-0526] Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
6989| [CVE-2003-0506] Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation.
6990| [CVE-2003-0505] Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.
6991| [CVE-2003-0496] Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
6992| [CVE-2003-0352] Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
6993| [CVE-2003-0345] Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
6994| [CVE-2003-0232] Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
6995| [CVE-2003-0231] Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
6996| [CVE-2003-0230] Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
6997| [CVE-2003-0227] The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
6998| [CVE-2003-0118] SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
6999| [CVE-2003-0117] Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.
7000| [CVE-2003-0110] The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
7001| [CVE-2003-0109] Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
7002| [CVE-2003-0011] Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
7003| [CVE-2003-0007] Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."
7004| [CVE-2003-0003] Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
7005| [CVE-2003-0002] Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
7006| [CVE-2002-2101] Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
7007| [CVE-2002-2100] Microsoft Outlook 2002 allows remote attackers to bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
7008| [CVE-2002-1984] Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
7009| [CVE-2002-1981] Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
7010| [CVE-2002-1933] The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window.
7011| [CVE-2002-1932] Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
7012| [CVE-2002-1876] Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
7013| [CVE-2002-1873] Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
7014| [CVE-2002-1872] Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
7015| [CVE-2002-1776] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed.
7016| [CVE-2002-1712] Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
7017| [CVE-2002-1256] The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
7018| [CVE-2002-1255] Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."
7019| [CVE-2002-1214] Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
7020| [CVE-2002-1184] The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
7021| [CVE-2002-1145] The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
7022| [CVE-2002-1141] An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
7023| [CVE-2002-1140] The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
7024| [CVE-2002-1138] Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
7025| [CVE-2002-1137] Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
7026| [CVE-2002-1123] Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
7027| [CVE-2002-1117] Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
7028| [CVE-2002-1056] Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
7029| [CVE-2002-0982] Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.
7030| [CVE-2002-0975] Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary code via a long File parameter.
7031| [CVE-2002-0863] Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
7032| [CVE-2002-0861] Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.
7033| [CVE-2002-0860] The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
7034| [CVE-2002-0859] Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
7035| [CVE-2002-0729] Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
7036| [CVE-2002-0727] The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
7037| [CVE-2002-0724] Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
7038| [CVE-2002-0721] Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
7039| [CVE-2002-0719] SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.
7040| [CVE-2002-0718] Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."
7041| [CVE-2002-0700] Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
7042| [CVE-2002-0699] Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.
7043| [CVE-2002-0695] Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
7044| [CVE-2002-0694] The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
7045| [CVE-2002-0693] Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
7046| [CVE-2002-0692] Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
7047| [CVE-2002-0650] The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.
7048| [CVE-2002-0649] Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
7049| [CVE-2002-0645] SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.
7050| [CVE-2002-0644] Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
7051| [CVE-2002-0643] The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."
7052| [CVE-2002-0642] The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
7053| [CVE-2002-0641] Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
7054| [CVE-2002-0624] Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
7055| [CVE-2002-0623] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".
7056| [CVE-2002-0622] The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
7057| [CVE-2002-0621] Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.
7058| [CVE-2002-0620] Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API.
7059| [CVE-2002-0619] The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
7060| [CVE-2002-0618] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
7061| [CVE-2002-0617] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
7062| [CVE-2002-0616] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
7063| [CVE-2002-0597] LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.
7064| [CVE-2002-0444] Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
7065| [CVE-2002-0443] Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
7066| [CVE-2002-0373] The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
7067| [CVE-2002-0371] Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
7068| [CVE-2002-0368] The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."
7069| [CVE-2002-0224] The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
7070| [CVE-2002-0187] Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
7071| [CVE-2002-0186] Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
7072| [CVE-2002-0154] Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
7073| [CVE-2002-0152] Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
7074| [CVE-2002-0055] SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
7075| [CVE-2002-0054] SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
7076| [CVE-2002-0050] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.
7077| [CVE-2002-0049] Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
7078| [CVE-2002-0034] The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
7079| [CVE-2002-0018] In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from the trusted domain.
7080| [CVE-2001-1533] ** DISPUTED ** Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE.
7081| [CVE-2001-1451] Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests.
7082| [CVE-2001-1319] Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
7083| [CVE-2001-1099] The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
7084| [CVE-2001-0986] SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
7085| [CVE-2001-0718] Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.
7086| [CVE-2001-0666] Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
7087| [CVE-2001-0658] Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.
7088| [CVE-2001-0628] Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
7089| [CVE-2001-0547] Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
7090| [CVE-2001-0546] Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.
7091| [CVE-2001-0542] Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
7092| [CVE-2001-0538] Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
7093| [CVE-2001-0509] Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
7094| [CVE-2001-0505] Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.
7095| [CVE-2001-0504] Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.
7096| [CVE-2001-0501] Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.
7097| [CVE-2001-0351] Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
7098| [CVE-2001-0350] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
7099| [CVE-2001-0349] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
7100| [CVE-2001-0348] Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
7101| [CVE-2001-0347] Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
7102| [CVE-2001-0346] Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
7103| [CVE-2001-0345] Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
7104| [CVE-2001-0344] An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
7105| [CVE-2001-0340] An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
7106| [CVE-2001-0261] Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
7107| [CVE-2001-0245] Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
7108| [CVE-2001-0244] Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.
7109| [CVE-2001-0240] Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.
7110| [CVE-2001-0239] Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
7111| [CVE-2001-0237] Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
7112| [CVE-2001-0146] IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
7113| [CVE-2001-0048] The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability.
7114| [CVE-2001-0005] Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
7115| [CVE-2001-0003] Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
7116| [CVE-2000-1218] The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
7117| [CVE-2000-1217] Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability.
7118| [CVE-2000-1209] The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
7119| [CVE-2000-1139] The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
7120| [CVE-2000-1088] The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
7121| [CVE-2000-1087] The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
7122| [CVE-2000-1086] The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
7123| [CVE-2000-1085] The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
7124| [CVE-2000-1079] Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
7125| [CVE-2000-0942] The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
7126| [CVE-2000-0854] When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
7127| [CVE-2000-0771] Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
7128| [CVE-2000-0765] Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
7129| [CVE-2000-0756] Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
7130| [CVE-2000-0710] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
7131| [CVE-2000-0709] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
7132| [CVE-2000-0637] Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.
7133| [CVE-2000-0621] Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
7134| [CVE-2000-0597] Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
7135| [CVE-2000-0331] Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
7136| [CVE-2000-0277] Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.
7137| [CVE-2013-2557] The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
7138| [CVE-2013-2556] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
7139| [CVE-2013-2554] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787.
7140| [CVE-2013-2553] Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912.
7141| [CVE-2013-2552] Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
7142| [CVE-2013-2551] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
7143| [CVE-2013-1347] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
7144| [CVE-2013-1305] HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
7145| [CVE-2013-1290] Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
7146| [CVE-2013-1289] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
7147| [CVE-2013-1284] Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
7148| [CVE-2013-0096] Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."
7149| [CVE-2013-0086] Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
7150| [CVE-2013-0085] Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
7151| [CVE-2013-0084] Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."
7152| [CVE-2013-0083] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."
7153| [CVE-2013-0080] Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."
7154| [CVE-2013-0079] Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
7155| [CVE-2013-0005] The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
7156| [CVE-2012-4969] Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
7157| [CVE-2012-4792] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
7158| [CVE-2012-3456] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
7159| [CVE-2012-3455] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
7160| [CVE-2012-2290] The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel.
7161| [CVE-2012-2284] The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors.
7162| [CVE-2012-1945] Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.
7163| [CVE-2012-1894] Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability."
7164| [CVE-2012-1892] Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
7165| [CVE-2012-1891] Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
7166| [CVE-2012-1888] Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."
7167| [CVE-2012-1876] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
7168| [CVE-2012-1861] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
7169| [CVE-2012-1859] Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
7170| [CVE-2012-1857] Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."
7171| [CVE-2012-1849] Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."
7172| [CVE-2012-1545] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
7173| [CVE-2012-1436] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
7174| [CVE-2012-1435] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
7175| [CVE-2012-1434] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
7176| [CVE-2012-1433] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
7177| [CVE-2012-0447] Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.
7178| [CVE-2012-0147] Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."
7179| [CVE-2012-0146] Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."
7180| [CVE-2012-0145] Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
7181| [CVE-2012-0144] Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
7182| [CVE-2012-0138] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.
7183| [CVE-2012-0137] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138.
7184| [CVE-2012-0136] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138.
7185| [CVE-2012-0020] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
7186| [CVE-2012-0019] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
7187| [CVE-2012-0018] Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."
7188| [CVE-2012-0017] Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
7189| [CVE-2011-4695] Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
7190| [CVE-2011-2012] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."
7191| [CVE-2011-2010] The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."
7192| [CVE-2011-1969] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."
7193| [CVE-2011-1897] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."
7194| [CVE-2011-1896] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."
7195| [CVE-2011-1895] CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
7196| [CVE-2011-1891] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
7197| [CVE-2011-1890] Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
7198| [CVE-2011-1889] The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
7199| [CVE-2011-1417] Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
7200| [CVE-2011-1347] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
7201| [CVE-2011-1346] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
7202| [CVE-2011-1345] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
7203| [CVE-2011-1265] The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."
7204| [CVE-2011-0653] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
7205| [CVE-2011-0647] The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.
7206| [CVE-2011-0627] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
7207| [CVE-2011-0037] Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
7208| [CVE-2011-0027] Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
7209| [CVE-2011-0026] Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
7210| [CVE-2010-4643] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
7211| [CVE-2010-4253] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.
7212| [CVE-2010-4121] ** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only."
7213| [CVE-2010-3967] Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."
7214| [CVE-2010-3962] Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
7215| [CVE-2010-3936] Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."
7216| [CVE-2010-3889] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers.
7217| [CVE-2010-3888] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.
7218| [CVE-2010-3497] Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."
7219| [CVE-2010-3454] Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
7220| [CVE-2010-3453] The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
7221| [CVE-2010-3141] Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.
7222| [CVE-2010-2743] The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
7223| [CVE-2010-2734] Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability."
7224| [CVE-2010-2733] Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."
7225| [CVE-2010-2732] Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."
7226| [CVE-2010-2564] Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
7227| [CVE-2010-1184] The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2.
7228| [CVE-2010-1118] Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
7229| [CVE-2010-1117] Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
7230| [CVE-2010-0806] Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
7231| [CVE-2010-0716] _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
7232| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
7233| [CVE-2008-5750] Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
7234| [CVE-2008-5556] ** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
7235| [CVE-2008-5555] Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
7236| [CVE-2008-5554] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
7237| [CVE-2008-5553] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
7238| [CVE-2008-5552] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
7239| [CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
7240| [CVE-2008-5180] Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
7241| [CVE-2008-4211] Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
7242| [CVE-2007-5351] Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
7243| [CVE-2007-2729] Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
7244| [CVE-2007-1534] DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.
7245| [CVE-2007-0341] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
7246| [CVE-2006-5559] The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
7247| [CVE-2006-4686] Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
7248| [CVE-2006-4685] The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
7249| [CVE-2006-1359] Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
7250| [CVE-2006-0761] Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchangem, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device.
7251| [CVE-2006-0753] Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
7252| [CVE-2006-0544] urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash of hyphen) characters.
7253| [CVE-2006-0003] Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
7254| [CVE-2005-1929] Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.
7255| [CVE-2005-0852] Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.
7256| [CVE-2004-1322] Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages.
7257| [CVE-2003-1306] Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
7258| [CVE-2003-0903] Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
7259| [CVE-2003-0353] Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
7260| [CVE-2002-1918] Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
7261| [CVE-2002-1142] Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
7262| [CVE-2002-1015] RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
7263| [CVE-2002-0697] Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
7264| [CVE-2002-0057] XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
7265| [CVE-2001-1218] Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
7266| [CVE-2000-0563] The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
7267| [CVE-1999-1097] Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
7268|
7269| SecurityFocus - https://www.securityfocus.com/bid/:
7270| [83154] Microsoft Windows 2000 Server CVE-2004-0540 Remote Security Vulnerability
7271| [45297] Microsoft Exchange Server 2007 Infinite Loop Remote Denial of Service Vulnerability
7272| [43419] Microsoft Excel 2002 Memory Corruption Vulnerability
7273| [43189] Microsoft Visual C++ 2008 Redistributable Package DLL Loading Arbitrary Code Execution Vulnerability
7274| [42742] Microsoft PowerPoint 2007 Multiple DLL Loading Arbitrary Code Execution Vulnerability
7275| [42695] Microsoft Groove 2007 'mso.dll' DLL Loading Arbitrary Code Execution Vulnerability
7276| [42681] Microsoft Visio 2003 'mfc71enu.dll' DLL Loading Arbitrary Code Execution Vulnerability
7277| [41843] Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability
7278| [39776] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
7279| [37196] RETIRED: Microsoft December 2009 Advance Notification Multiple Vulnerabilities
7280| [36940] RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
7281| [36633] RETIRED: Microsoft October 2009 Advance Notification Multiple Vulnerabilities
7282| [36239] RETIRED: Microsoft September 2009 Advance Notification Multiple Vulnerabilities
7283| [35974] RETIRED: Microsoft August 2009 Advance Notification Multiple Vulnerabilities
7284| [35617] RETIRED: Microsoft July 2009 Advance Notification Multiple Vulnerabilities
7285| [35213] RETIRED: Microsoft June 2009 Advance Notification Multiple Vulnerabilities
7286| [34867] RETIRED: Microsoft May 2009 Advance Notification Multiple Vulnerabilities
7287| [34532] Microsoft IAG 2007 ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities
7288| [34469] Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
7289| [34450] RETIRED: Microsoft April 2009 Advance Notification Multiple Vulnerabilities
7290| [34005] RETIRED: Microsoft March 2009 Advance Notification Multiple Vulnerabilities
7291| [33639] RETIRED: Microsoft February 2009 Advance Notification Multiple Vulnerabilities
7292| [33170] RETIRED: Microsoft January 2009 Advance Notification Multiple Vulnerabilities
7293| [32632] RETIRED: Microsoft December 2008 Advance Notification Multiple Vulnerabilities
7294| [32153] Retired: Microsoft November 2008 Advance Notification Multiple Vulnerabilities
7295| [31667] Retired: Microsoft October 2008 Advance Notification Multiple Vulnerabilities
7296| [31129] RETIRED: Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
7297| [31014] RETIRED: Microsoft September 2008 Advance Notification Multiple Vulnerabilities
7298| [30593] RETIRED: Microsoft August 2008 Advance Notification Multiple Vulnerabilities
7299| [30075] RETIRED: Microsoft July 2008 Advance Notification Multiple Vulnerabilities
7300| [29576] RETIRED: Microsoft June 2008 Advance Notification Multiple Vulnerabilities
7301| [29108] RETIRED: Microsoft May 2008 Advance Notification Multiple Vulnerabilities
7302| [28598] RETIRED: Microsoft April 2008 Advance Notification Multiple Vulnerabilities
7303| [28124] Retired: Microsoft March 2008 Advance Notification Multiple Vulnerabilities
7304| [27674] RETIRED: Microsoft February 2008 Advance Notification Multiple Vulnerabilities
7305| [27119] RETIRED: Microsoft January 2008 Advance Notification Multiple Vulnerabilities
7306| [26739] RETIRED: Microsoft December 2007 Advance Notification Multiple Vulnerabilities
7307| [26414] Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerabilities
7308| [26380] Retired: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
7309| [25991] RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
7310| [25922] RETIRED: Microsoft October 2007 Advance Notification Multiple Vulnerabilities
7311| [25573] RETIRED: Microsoft September 2007 Advance Notification Multiple Vulnerabilities
7312| [25247] Retired: Microsoft August 2007 Advance Notification Multiple Vulnerabilities
7313| [24771] Retired: Microsoft July 2007 Advance Notification Multiple Vulnerabilities
7314| [24366] RETIRED: Microsoft June 2007 Advance Notification Multiple Vulnerabilities
7315| [24118] Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
7316| [23800] RETIRED: Microsoft May 2007 Advance Notification Multiple Vulnerabilities
7317| [23380] Microsoft Word 2007 WWLib.DLL Unspecified Document File Buffer Overflow Vulnerability
7318| [23335] RETIRED: Microsoft April 2007 Advance Notification Multiple Vulnerabilities
7319| [22716] Microsoft Office 2003 Denial of Service Vulnerability
7320| [22567] Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability
7321| [22328] RETIRED: Microsoft Word 2003 Unspecified Code Execution Vulnerability
7322| [22225] Microsoft Word 2000 Malformed Function Code Execution Vulnerability
7323| [21611] Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
7324| [21495] Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability
7325| [20843] Microsoft Visual Studio 2005 WMI Object Broker Remote Code Execution Vulnerability
7326| [19636] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
7327| [19388] Microsoft Windows 2000 Kernel Local Privilege Escalation Vulnerability
7328| [17134] Microsoft Commerce Server 2002 Authentication Bypass Vulnerability
7329| [16634] Microsoft PowerPoint 2000 Remote Information Disclosure Vulnerability
7330| [14772] Microsoft Exchange Server 2003 Exchange Information Store Denial Of Service Vulnerability
7331| [14093] Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
7332| [13564] Microsoft SQL Server 2000 Multiple Vulnerabilities
7333| [13008] Microsoft Windows Server 2003 SMB Redirector Local Denial Of Service Vulnerability
7334| [12972] Microsoft Windows Server 2003 Service Pack 1 Released - Multiple Vulnerabilities Fixed
7335| [12913] Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy Bypass Vulnerability
7336| [12824] Microsoft InfoPath 2003 Insecure Information Storage Vulnerability
7337| [12641] Microsoft Windows 2000 Group Policy Bypass Vulnerability
7338| [12141] Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
7339| [11820] Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities
7340| [11446] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
7341| [11387] Microsoft Windows 2003 Services Default SACL Access Right Weakness
7342| [10901] Microsoft Windows 2000/XP CRL File Failed Integrity Check Denial Of Service Vulnerability
7343| [10693] Microsoft Windows 2000 Media Player Control Media Preview Script Execution Vulnerability
7344| [10484] Microsoft ISA Server 2000 FTP Bounce Filtering Vulnerability
7345| [10480] Microsoft ISA Server 2000 Site And Content Rule Bypass Vulnerability
7346| [10440] Microsoft Windows 2000 Domain Expired Account Security Policy Violation Weakness
7347| [10369] Microsoft Outlook 2003 Media File Script Execution Vulnerability
7348| [10307] Microsoft Outlook 2003 Predictable File Location Weakness
7349| [10114] Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
7350| [9409] Microsoft Exchange Server 2003 Outlook Web Access Random Mailbox Access Vulnerability
7351| [9408] Microsoft ISA Server 2000 H.323 Filter Remote Buffer Overflow Vulnerability
7352| [9118] Microsoft Exchange Server 2003 Outlook Web Access Lowered Security Settings Weakness
7353| [8833] Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer Overflow Vulnerability
7354| [8522] Multiple Microsoft Windows 2003 Stack Protection Implementation Weaknesses
7355| [8397] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
7356| [8104] Microsoft Windows 2000 Unauthorized RPC Connection Weakness
7357| [8098] Microsoft Windows 2000 Terminal Services Named Pipe System Account Access Vulnerability
7358| [8093] Microsoft Windows 2000 Active Directory Forest Origin Validation Vulnerability
7359| [8090] Microsoft Windows 2000 ShellExecute() Buffer Overflow Vulnerability
7360| [8089] Microsoft Windows 2000 Unspecified Cryptnet.DLL Memory Leakage Vulnerability
7361| [8086] Microsoft Windows 2000 Port Name Buffers Potential Buffer Overflow Vulnerability
7362| [8085] Microsoft Windows 2000 ModifyDN Request Denial of Service Vulnerability
7363| [8083] Microsoft Windows 2000 Domain Controller Spoofing Vulnerability
7364| [8081] Microsoft Windows 2000 USBH_IoctlGetNodeConnectionDriverKeyName Information Disclosure Vulnerability
7365| [8063] Microsoft Commerce Server 2002 Weak Registry Key Permissions Weakness
7366| [8045] Microsoft Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
7367| [7930] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
7368| [7788] Microsoft Windows 2000/XP/2003 IPV6 ICMP Flood Denial Of Service Vulnerability
7369| [7469] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
7370| [7360] Microsoft Windows 2000/XP Registry Editor Custom Permissions Weakness
7371| [7102] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
7372| [6769] Microsoft Windows 2000 RPC Service Privilege Escalation Vulnerability
7373| [6766] Microsoft Windows 2000 NetBIOS Continuation Packets Kernel Memory Leak Vulnerability
7374| [6667] Microsoft Outlook 2002 V1 Exchange Server Security Certificate Information Leakage Vulnerability
7375| [6319] Microsoft Outlook 2002 Email Header Processing Denial of Service Vulnerability
7376| [6030] Microsoft Windows 2000 SNMP Printer Query Denial of Service Vulnerability
7377| [5972] Microsoft Windows 2000/XP Full Event Log Administrative Alert Weakness
7378| [5922] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
7379| [5480] Microsoft Windows 2000 Network Connection Manager Privilege Elevation Vulnerability
7380| [5422] Microsoft Content Management Server 2001 SQL Injection Vulnerability
7381| [5421] Microsoft Content Management Server 2001 Arbitrary Upload Location Vulnerability
7382| [5420] Microsoft Content Management Server 2001 User Authentication Buffer Overflow Vulnerability
7383| [5415] Microsoft Windows 2000 Insecure Default File Permissions Vulnerability
7384| [5413] Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability
7385| [5412] Microsoft Exchange 2000 Multiple MSRPC Denial Of Service Vulnerabilities
7386| [5312] Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
7387| [5311] Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
7388| [5310] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
7389| [5309] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
7390| [5307] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
7391| [5253] Microsoft Windows 2000 Narrator Password Disclosure Vulnerability
7392| [5205] Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
7393| [5111] Microsoft Commerce Server 2000 OWC Package Installer Local Command Execution Vulnerability
7394| [5014] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
7395| [4881] Microsoft Exchange 2000 Malformed Mail Attribute DoS Vulnerability
7396| [4853] Microsoft Commerce Server 2000 Profile Service Buffer Overflow Vulnerability
7397| [4852] Microsoft Windows 2000 Remote Access Service Buffer Overflow Vulnerability
7398| [4847] Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
7399| [4797] Microsoft MSDE/SQL Server 2000 Desktop Engine Default Configuration Vulnerability
7400| [4683] Microsoft Windows 2000 / NT Path Precedence Vulnerability
7401| [4532] Microsoft Windows 2000 Lanman Denial of Service Vulnerability
7402| [4438] Microsoft Windows 2000 Group Policy Evasion Vulnerability
7403| [4426] Microsoft Windows 2000 / NT / XP MUP UNC Request Buffer Overflow Vulnerability
7404| [4287] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
7405| [4256] Microsoft Windows 2000 Password Policy Bypass Vulnerability
7406| [4157] Microsoft Commerce Server 2000 ISAPI Buffer Overflow Vulnerability
7407| [4095] Microsoft Windows 2000 Server Terminal Services Failure To Lock Terminal Vulnerability
7408| [3652] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability
7409| [3481] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
7410| [3479] Microsoft Windows 2000 NTFS With Macintosh Client Directory Permission Vulnerability
7411| [3445] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
7412| [3339] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
7413| [3305] Norton AntiVirus for Microsoft Exchange 2000 Information Disclosure Vulnerability
7414| [3291] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
7415| [3215] Microsoft Windows 2000 IrDA Buffer Overflow Denial of Service Vulnerability
7416| [3185] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
7417| [3184] Microsoft Windows 2000 RunAs User Credentials Exposure Vulnerability
7418| [3146] Microsoft Windows 2000 System File Replacement Vulnerability
7419| [3115] Microsoft Windows NT and 2000 Command Prompt Reboot Vulnerability
7420| [3063] Microsoft Windows 2000 Unauthorized Password Change Vulnerability
7421| [3033] Microsoft Windows 2000 Task Manager Process Termination Vulnerability
7422| [2988] Microsoft Windows 2000 SMTP Improper Authentication Vulnerability
7423| [2929] Microsoft Windows 2000 LDAP SSL Password Modification Vulnerability
7424| [2849] Microsoft Windows 2000 Telnet Privilege Escalation Vulnerability
7425| [2846] Microsoft Windows 2000 Telnet System Call DoS Vulnerability
7426| [2844] Microsoft Windows 2000 Telnet Service DoS Vulnerability
7427| [2843] Microsoft Windows 2000 Telnet Multiple Sessions DoS Vulnerability
7428| [2838] Microsoft Windows 2000 Telnet Username DoS Vulnerability
7429| [2460] Microsoft Windows 2000 Event Viewer Buffer Overflow Vulnerability
7430| [2441] Microsoft Exchange 2000 / IIS 5.0 Multiple Invalid URL Request DoS Vulnerability
7431| [2394] Microsoft Windows 2000 Domain Controller DoS Vulnerability
7432| [2341] Microsoft Windows 2000 Network DDE Escalated Privileges Vulnerability
7433| [2326] Microsoft Windows 2000 RDP DoS Vulnerability
7434| [2133] Microsoft Windows 2000 Directory Services Restore Mode Blank Password Vulnerability
7435| [2066] Microsoft Windows NT 4.0 / 2000 SNMP Registry Key Modification Vulnerability
7436| [2018] Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability
7437| [2007] Microsoft Windows 2000 DNS Memory Leak Vulnerability
7438| [1973] Microsoft Windows 2000 Domain Account Lockout Bypass Vulnerability
7439| [1958] Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
7440| [1933] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
7441| [1899] Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability
7442| [1811] Microsoft Site Server 2.0 with IIS 4.0 Malicious File Upload Vulnerability
7443| [1758] Microsoft Windows 2000 Unattended Install OEMPreinstall Vulnerability
7444| [1753] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
7445| [1748] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
7446| [1745] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
7447| [1729] Microsoft Windows 2000 Simplified Chinese IME Vulnerability
7448| [1695] Microsoft Proxy 2.0 FTP Permissions Bypass Vulnerability
7449| [1692] Microsoft Proxy 2.0 Internal Network Access Vulnerability
7450| [1683] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
7451| [1673] Microsoft Windows 2000 Malformed RPC Packet DoS Vulnerability
7452| [1651] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
7453| [1632] Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
7454| [1620] Microsoft Windows 9x / NT 4.0 / 2000 NetBIOS Cache Corruption Vulnerability
7455| [1613] Microsoft Windows 2000 Local Security Policy Corruption Vulnerability
7456| [1566] Microsoft Word 97 / 2000 Mail Merge Code Execution Vulnerability
7457| [1561] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow Vulnerability
7458| [1535] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
7459| [1507] Microsoft Windows NT 4.0 / 2000 Unspecified Executable Path Vulnerability
7460| [1451] Microsoft Excel 97 / 2000 Register.ID Vulnerability
7461| [1435] Microsoft FrontPage 2000 Server Extensions Denial Of Service Vulnerability
7462| [1415] Microsoft Windows 2000 Remote CPU-overload Vulnerability
7463| [1414] Microsoft Windows 2000 Telnet Server DoS Vulnerability
7464| [1399] Microsoft Internet Explorer 5.01 and Excel/Powerpoint 2000 ActiveX Object Execution Vulnerability
7465| [1398] Microsoft Internet Explorer 5.01 and Access 2000 / 97 VBA Code Execution Vulnerability
7466| [1350] Microsoft Windows 2000 Windows Station Access Vulnerability
7467| [1304] Microsoft Windows NT 4.0 / 2000 SMB Write Request DoS Vulnerability
7468| [1301] Microsoft Windows NT 4.0 / 2000 Ignored SMB Response DoS Vulnerability
7469| [1295] Microsoft Windows 2000 Default 40-bit Encrypted Protected Store Vulnerability
7470| [1198] Microsoft Windows 2000 Default SYSKEY Configuration Vulnerability
7471| [1197] Microsoft Office 2000 UA Control Vulnerability
7472| [990] Microsoft Windows 2000 Install Unprotected ADMIN$ Share Vulnerability
7473| [945] Microsoft SMS 2.0 Default Permissions Vulnerability
7474| [539] Microsoft Windows 2000 EFS Vulnerability
7475| [180] Microsoft Windows April Fools 2001 Vulnerability
7476| [71487] Microsoft December 2014 Advance Notification Multiple Vulnerabilities
7477| [70966] RETIRED: Microsoft November 2014 Advance Notification Multiple Vulnerabilities
7478| [70367] RETIRED: Microsoft October 2014 Advance Notification Multiple Vulnerabilities
7479| [69636] RETIRED: Microsoft September 2014 Advance Notification Multiple Vulnerabilities
7480| [69108] Microsoft August 2014 Advance Notification Multiple Vulnerabilities
7481| [68367] Microsoft July 2014 Advance Notification Multiple Vulnerabilities
7482| [67905] Microsoft June 2014 Advance Notification Multiple Vulnerabilities
7483| [67298] Microsoft May 2014 Advance Notification Multiple Vulnerabilities
7484| [66639] RETIRED: Microsoft April 2014 Advance Notification Multiple Vulnerabilities
7485| [66016] Microsoft March 2014 Notification Multiple Vulnerabilities
7486| [65426] Microsoft February 2014 Notification Multiple Vulnerabilities
7487| [64757] RETIRED: Microsoft January 2014 Advance Notification Multiple Vulnerabilities
7488| [64083] RETIRED: Microsoft December 2013 Advance Notification Multiple Vulnerabilities
7489| [63604] RETIRED: Microsoft November 2013 Advance Notification Multiple Vulnerabilities
7490| [62797] RETIRED: Microsoft October 2013 Advance Notification Multiple Vulnerabilities
7491| [62228] RETIRED: Microsoft September 2013 Advance Notification Multiple Vulnerabilities
7492| [62181] Microsoft Office Pinyin IME 2010 CVE-2013-3859 Local Privilege Escalation Vulnerability
7493| [61686] Microsoft August 2013 Advance Notification Multiple Vulnerabilities
7494| [60960] RETIRED: Microsoft July 2013 Advance Notification Multiple Vulnerabilities
7495| [60394] Microsoft June 2013 Advance Notification Multiple Vulnerabilities
7496| [59785] RETIRED: Microsoft May 2013 Advance Notification Multiple Vulnerabilities
7497| [58881] RETIRED: Microsoft April 2013 Advance Notification Multiple Vulnerabilities
7498| [58380] RETIRED: Microsoft March 2013 Advance Notification Multiple Vulnerabilities
7499| [57846] RETIRED: Microsoft February 2013 Advance Notification Multiple Vulnerabilities
7500| [57137] RETIRED: Microsoft January 2013 Advance Notification Multiple Vulnerabilities
7501| [56838] RETIRED: Microsoft December 2012 Advance Notification Multiple Vulnerabilities
7502| [56450] RETIRED: Microsoft November 2012 Advance Notification Multiple Vulnerabilities
7503| [56304] Microsoft Office Excel 2010 Memory Corruption Denial of Service Vulnerability
7504| [55794] RETIRED: Microsoft October 2012 Advance Notification Multiple Vulnerabilities
7505| [55472] RETIRED: Microsoft September 2012 Advance Notification Multiple Vulnerabilities
7506| [54944] RETIRED: Microsoft August 2012 Advance Notification Multiple Vulnerabilities
7507| [54318] RETIRED: Microsoft July 2012 Advance Notification Multiple Vulnerabilities
7508| [53862] RETIRED: Microsoft June 2012 Advance Notification Multiple Vulnerabilities
7509| [53372] RETIRED: Microsoft May 2012 Advance Notification Multiple Vulnerabilities
7510| [52910] RETIRED: Microsoft April 2012 Advance Notification Multiple Vulnerabilities
7511| [52366] RETIRED: Microsoft March 2012 Advance Notification Multiple Vulnerabilities
7512| [51944] RETIRED: Microsoft February 2012 Advance Notification Multiple Vulnerabilities
7513| [51289] RETIRED: Microsoft January 2012 Advance Notification Multiple Vulnerabilities
7514| [50980] RETIRED: Microsoft December 2011 Advance Notification Multiple Vulnerabilities
7515| [50513] RETIRED: Microsoft November 2011 Advance Notification Multiple Vulnerabilities
7516| [49994] RETIRED: Microsoft October 2011 Advance Notification Multiple Vulnerabilities
7517| [49515] RETIRED: Microsoft September 2011 Advance Notification Multiple Vulnerabilities
7518| [49017] RETIRED: Microsoft August 2011 Advance Notification Multiple Vulnerabilities
7519| [48616] RETIRED: Microsoft July 2011 Advance Notification Multiple Vulnerabilities
7520| [48235] Microsoft Lync Server 2010 'ReachJoin.aspx' Remote Command Injection Vulnerability
7521| [48193] RETIRED: Microsoft June 2011 Advance Notification Multiple Vulnerabilities
7522| [47725] RETIRED: Microsoft May 2011 Advance Notification Multiple Vulnerabilities
7523| [47255] RETIRED: Microsoft April 2011 Advance Notification Multiple Vulnerabilities
7524| [46675] RETIRED: Microsoft March 2011 Advance Notification Multiple Vulnerabilities
7525| [46132] RETIRED: Microsoft February 2011 Advance Notification Multiple Vulnerabilities
7526| [45696] RETIRED: Microsoft January 2011 Advance Notification Multiple Vulnerabilities
7527| [45307] RETIRED: Microsoft December 2010 Advance Notification Multiple Vulnerabilities
7528| [44649] RETIRED: Microsoft November 2010 Advance Notification Multiple Vulnerabilities
7529| [43831] RETIRED: Microsoft October 2010 Advance Notification Multiple Vulnerabilities
7530| [43115] RETIRED: Microsoft September 2010 Advance Notification Multiple Vulnerabilities
7531| [42234] RETIRED: Microsoft August 2010 Advance Notification Multiple Vulnerabilities
7532| [41474] RETIRED: Microsoft July 2010 Advance Notification Multiple Vulnerabilities
7533| [40548] RETIRED: Microsoft June 2010 Advance Notification Multiple Vulnerabilities
7534| [39961] RETIRED: Microsoft May 2010 Advance Notification Multiple Vulnerabilities
7535| [39313] RETIRED: Microsoft April 2010 Advance Notification Multiple Vulnerabilities
7536| [38540] RETIRED: Microsoft March 2010 Advance Notification Multiple Vulnerabilities
7537| [38096] RETIRED: Microsoft February 2010 Advance Notification Multiple Vulnerabilities
7538| [37887] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
7539| [37664] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
7540| [32642] Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
7541|
7542| IBM X-Force - https://exchange.xforce.ibmcloud.com:
7543| [82417] Microsoft Windows Knowledge Base Article 2801261 update is not installed
7544| [82415] Microsoft Windows Knowledge Base Article 2807986 update is not installed
7545| [82410] Microsoft Windows Knowledge Base Article 2809289 update is not installed
7546| [81859] Microsoft Windows Knowledge Base Article 2802968 update is not installed
7547| [81857] Microsoft Windows Knowledge Base Article 2809279 update is not installed
7548| [81668] Microsoft Windows Knowledge Base Article 2800277 update is not installed
7549| [77323] Microsoft Windows Knowledge Base Article 2706045 update is not installed
7550| [75949] Microsoft Windows Knowledge Base Article 2707960 update is not installed
7551| [75942] Microsoft Windows Knowledge Base Article 2706726 update is not installed
7552| [75934] Microsoft Windows Knowledge Base Article 2709162 update is not installed
7553| [75926] Microsoft Windows Knowledge Base Article 2709100 update is not installed
7554| [75905] Microsoft Windows Knowledge Base Article 2707956 update is not installed
7555| [71991] Microsoft Windows Knowledge Base Article 2607664 update is not installed
7556| [71542] Microsoft Windows Knowledge Base Article 2607702 update is not installed
7557| [70945] Microsoft Windows Knowledge Base Article 2603381 update is not installed
7558| [70150] Microsoft Windows Knowledge Base Article 2607670 update is not installed
7559| [67755] Microsoft Windows Knowledge Base Article 2503665 update is not installed
7560| [67749] Microsoft Windows Knowledge Base Article 2507938 update is not installed
7561| [66845] Microsoft Windows Knowledge Base Article 2506014 update is not installed
7562| [66844] Microsoft Windows Knowledge Base Article 2501584 update is not installed
7563| [66448] Microsoft Windows Knowledge Base Article 2508272 update is not installed
7564| [66442] Microsoft Windows Knowledge Base Article 2509553 update is not installed
7565| [66440] Microsoft Windows Knowledge Base Article 2508429 update is not installed
7566| [66438] Microsoft Windows Knowledge Base Article 2507618 update is not installed
7567| [66430] Microsoft Windows Knowledge Base Article 2503658 update is not installed
7568| [66425] Microsoft Windows Knowledge Base Article 2506223 update is not installed
7569| [65570] Microsoft Windows Knowledge Base Article 2500212 update is not installed
7570| [65568] Microsoft Windows Knowledge Base Article 2508062 update is not installed
7571| [63840] Microsoft Visual C++ 2008 Redistributable Package dynamic-linked library (DLL) code execution
7572| [63780] Microsoft PowerPoint 2007 dynamic-linked library (rpawinet.dll) code execution
7573| [63775] Microsoft Visio 2003 dynamic-linked library (mfc71enu.dll) code execution
7574| [63586] Microsoft Windows Knowledge Base Article 2207559 update is not installed
7575| [63573] Microsoft Windows Knowledge Base Article 2407132 update is not installed
7576| [62797] Microsoft Windows Knowledge Base Article 2305420 update is not installed
7577| [62149] Microsoft Windows Knowledge Base Article 2207566 update is not installed
7578| [62133] Microsoft Windows Knowledge Base Article 2405882 update is not installed
7579| [53980] Microsoft Windows 2000 License Logging Server buffer overflow
7580| [53601] Microsoft Office 2008 for Mac user ID 502 security bypass
7581| [50973] Microsoft Windows Server 2003 and Vista win32k.sys denial of service
7582| [50759] Microsoft Windows 2000 Active Directory LDAP code execution
7583| [48595] Microsoft Word 2007 Email as PDF information disclosure
7584| [46102] Microsoft Windows 2003 SP2 is not installed on the system
7585| [46101] Microsoft Windows 2003 SP1 is not installed on the system
7586| [45186] Microsoft SQL Server 2000 SQLVDIRLib.SQLVDirControl ActiveX control buffer overflow
7587| [37200] Microsoft SQL Server 2000 Service Pack 1 update is not installed
7588| [37198] Microsoft SQL Server 2000 Service Pack 3 update is not installed
7589| [34634] Microsoft Windows Server 2003 Active Directory information disclosure
7590| [34599] Microsoft Windows Server 2003 terminal server security bypass
7591| [34473] Microsoft Office 2000 ActiveX control buffer overflow
7592| [33713] Microsoft Word 2007 multiple unspecified denial of service
7593| [33712] Microsoft Word 2007 wwlib.dll buffer overflow
7594| [32631] Microsoft SQL Server 2000 Service Pack 2 update is not installed
7595| [31821] Microsoft Windows time zone update for year 2007
7596| [31196] Microsoft Office 2003 Brazilian Grammar Checker buffer overflow
7597| [30905] Microsoft Project Server 2003 pdsrequest.asp information disclosure
7598| [29546] Microsoft Windows 2000/2003 user logoff initiated
7599| [29545] Microsoft Windows 2000/2003 system time changed
7600| [29544] Microsoft Windows 2000/2003 system security access removed
7601| [29543] Microsoft Windows 2000/2003 security access granted
7602| [29542] Microsoft Windows 2000/2003 SAM notification package loaded
7603| [29541] Microsoft Windows 2000/2003 primary security token issued
7604| [29540] Microsoft Windows 2000/2003 user password reset successful
7605| [29539] Microsoft Windows 2000/2003 object indirectly accessed
7606| [29538] Microsoft Windows 2000/2003 object handle duplicated
7607| [29537] Microsoft Windows 2000/2003 logon with explicit credentials success
7608| [29536] Microsoft Windows 2000/2003 logon attempt using explicit credentials unsuccessful
7609| [29535] Microsoft Windows 2000/2003 IPSEC policy agent failed
7610| [29534] Microsoft Windows 2000/2003 IPSEC policy agent disabled
7611| [29533] Microsoft Windows 2000/2003 IPSEC policy agent changed
7612| [29532] Microsoft Windows 2000/2003 IKE security association established
7613| [29531] Microsoft Windows 2000/2003 IKE quick mode association ended
7614| [29530] Microsoft Windows 2000/2003 IKE main mode association ended
7615| [29529] Microsoft Windows 2000/2003 IKE association negotiation failed
7616| [29528] Microsoft Windows 2000/2003 IKE association peer authentication failed
7617| [29527] Microsoft Windows 2000/2003 IKE association failed invalid proposal
7618| [29526] Microsoft Windows 2000/2003 IKE association failed authentication parameters
7619| [29525] Microsoft Windows 2000/2003 DPAPI master key backup attempted
7620| [29524] Microsoft Windows 2000/2003 DPAPI key recovery attempted
7621| [29523] Microsoft Windows 2000/2003 DPAPI auditable data unprotected
7622| [29522] Microsoft Windows 2000/2003 administrative group security descriptor set
7623| [29521] Microsoft Windows 2000/2003 account name changed
7624| [29507] Microsoft Office 2003 unspecified PowerPoint NULL pointer dereference denial of service
7625| [28512] Microsoft Internet Explorer multiple Windows 2000 COM object denial of service
7626| [28005] Microsoft Windows 2000 Management Console (MMC) resource file cross-site scripting
7627| [26118] Microsoft Office 2003 mailto: information disclosure
7628| [25330] Microsoft Commerce Server 2002 authfiles/login.asp authentication bypass
7629| [24474] Microsoft Windows 2000 LDAP client accepts untrusted CA
7630| [24473] Microsoft Windows 2000 event ID 565 not logged
7631| [24472] Microsoft Windows 2000 Event ID 1704 records incorrect group policy settings
7632| [24407] Microsoft Windows 2000 SECEDIT command fails to set ACLs correctly
7633| [24405] Microsoft Windows 2000 UPN credentials with trailing dot group policy bypass
7634| [24403] Microsoft Windows 2000 WideCharToMultiByte() incorrect Japanese character conversion
7635| [24402] Microsoft Windows 2000 Terminal Service client IP not logged
7636| [24400] Microsoft Windows 2000 domain authentication can be bypassed by a local administrator
7637| [23066] Microsoft Windows XP and 2000 Server MSRPC memory allocation denial of service
7638| [22318] Microsoft SQL Server 2000 Service Pack 4 update is not installed
7639| [22183] Microsoft Exchange Server 2003 public folder denial of service
7640| [21345] Microsoft Windows 2000 Update Rollup 1 for Service Pack 4 has not been installed
7641| [21315] Microsoft Outlook 2002 connector for Domino bypass restrictions
7642| [19969] Multiple Microsoft Windows Server 2003 Edition printer driver denial of service
7643| [19965] Multiple Microsoft Windows Server 2003 Editions SMB redirector denial of service
7644| [19727] Microsoft Windows 2000 GDI32.DLL denial of service
7645| [19629] Microsoft Exchange Server 2003 folder denial of service
7646| [17826] Microsoft Outlook 2003 CID security bypass
7647| [17624] Microsoft Windows XP and Windows Server 2003 Compressed Folders buffer overflow
7648| [17621] Microsoft Windows 2003 SMTP service code execution
7649| [17560] Microsoft Windows 2000 and XP GDI library denial of service
7650| [17521] Microsoft Windows 2000 Service Pack 4 is not installed
7651| [16913] Microsoft Windows 2003 users with Synchronize directory service data privilege
7652| [16912] Microsoft Windows 2003 groups with Synchronize directory service data privilege
7653| [16909] Microsoft Windows 2003 groups with Remove computer from docking station privilege
7654| [16907] Microsoft Windows 2003 users with Create global objects privilege
7655| [16905] Microsoft Windows 2003 users or groups with Create global objects privilege
7656| [16851] Microsoft Windows 2003 and XP WinKey and U key denial of service
7657| [16704] Microsoft Windows 2000 Media Player control code execution
7658| [16582] Microsoft Windows Server 2003 kernel CPU denial of service
7659| [16572] Microsoft Windows 2003 Users with Impersonate a client after authentication privilege
7660| [16570] Microsoft Windows 2003 Users with Create global objects privilege
7661| [16564] Microsoft Windows 2003 Groups with Create global objects privilege
7662| [16562] Microsoft Windows 2003 Groups with "
7663| [16522] Microsoft Windows 2003 Impersonate a client after authentication privilege
7664| [16521] Microsoft Windows 2003 Deny Logon Through Terminal Services privilege
7665| [16520] Microsoft Windows 2003 Create global objects privilege
7666| [16276] Microsoft Windows 2000 Advanced Server fully qualified domain name security bypass
7667| [16173] Microsoft Outlook 2003 OLE object bypass restricted security zone
7668| [16119] Microsoft Outlook 2000 URL spoofing
7669| [16104] Microsoft Outlook 2003 predictable file location could allow code execution
7670| [16095] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
7671| [15704] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
7672| [15700] Microsoft Windows 2000 Domain Controller LSASS LDAP message denial of service
7673| [15632] Microsoft Windows 2000 Utility Manger allows privilege escalation
7674| [15414] Microsoft Outlook 2002 mailto URL allows execution of code
7675| [15263] Microsoft Windows XP and 2000 Server kernel allows elevated privileges
7676| [15057] Microsoft Windows XP and Windows Server 2003 smbmount Linux client denial of service
7677| [15038] Microsoft Windows 2000 Server Windows Media Services denial of service
7678| [15037] Microsoft Windows Server 2003 WINS /GS flag denial of service
7679| [14178] Microsoft ISA Exchange Server 2003 MS04-002 patch is not installed
7680| [14167] Microsoft ISA Server 2000 H.323 filter buffer overflow
7681| [13426] Microsoft Windows 2000 and XP RPC race condition
7682| [13423] Microsoft Windows 2000 Local Troubleshooter ActiveX control buffer overflow
7683| [13407] Microsoft Windows 2000 Server mqsvc.exe MQLocateBegin packet buffer overflow
7684| [13385] Microsoft Windows Server 2003 "
7685| [13211] Microsoft Windows 2000 and XP URG memory leak
7686| [13171] Microsoft Windows Server 2003 can allow attacker to bypass mechanism used to detect buffer overflows
7687| [13131] Microsoft Windows 2000 Message Queue Manager buffer overflow
7688| [12684] Microsoft Exchange Server OWA Outlook 2003 denial of service
7689| [12652] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension POST request buffer overflow
7690| [12620] Microsoft Windows 2000 Server SMTP FILETIME denial of service
7691| [12543] Microsoft Windows 2000 Accessibility Utility Manager could allow an attacker to gain privileges
7692| [12493] Microsoft Windows Shell32.dll 2000 ShellExecute function buffer overflow
7693| [12489] Microsoft Windows 2000 Server Active Directory buffer overflow
7694| [12128] Microsoft Windows 2000 and Windows NT MS03-019 patch is not installed
7695| [12092] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension buffer overflow
7696| [12048] Microsoft Windows 2000 and Windows Server 2003 LAN Manager hash creation enabled
7697| [11901] Microsoft BizTalk Server 2002 SQL injection
7698| [11900] Microsoft BizTalk Server 2002 HTTP Receiver function buffer overflow
7699| [11816] Microsoft Windows 2000 Terminal Services MSGINA.DLL insecure access permissions
7700| [11696] Microsoft Windows 2000 Terminal Services man-in-the-middle attack
7701| [11617] Microsoft Windows 2000 MS03-007 patch is not installed on the system
7702| [11546] Microsoft Windows 2000 Windows Help Facility .cnt file buffer overflow
7703| [11329] Microsoft Windows NT and 2000 cmd.exe CD path name buffer overflow
7704| [11274] Microsoft Windows 2000 NetBIOS continuation packets denial of service
7705| [11273] Microsoft Windows 2000 RPC service could allow an attacker to gain elevated privileges
7706| [11216] Microsoft Windows NT and 2000 command prompt denial of service
7707| [11141] Microsoft Windows 2000 Terminal Services MSGINA.DLL denial of service
7708| [11133] Microsoft Outlook 2002 using V1 Exchange Server Security certificates transmits plaintext emails
7709| [10843] Microsoft Windows 2000 and XP SMB signing group policy modification
7710| [10431] Microsoft Windows 2000 SNMP LANMAN Extension memory leak denial of service
7711| [10400] Microsoft Windows 2000 RPC TCP port 135 denial of service
7712| [10377] Microsoft Windows XP and 2000 administrative alerts fail when security event log is full
7713| [10199] Microsoft Windows 2000/XP PPTP packet buffer overflow
7714| [10195] Microsoft FrontPage Server Extensions (FPSE) 2002 SmartHTML Interpreter buffer overflow
7715| [10194] Microsoft FrontPage Server Extensions (FPSE) 2000 SmartHTML Interpreter denial of service
7716| [9946] Microsoft Windows 2000 Terminal Services session screensaver fails to lock the console
7717| [9856] Microsoft Windows 2000 NCM handler routine could allow elevated privileges
7718| [9779] Microsoft Windows 2000 weak system partition permissions
7719| [9752] Microsoft Windows 2000 Service Pack 3 is not installed
7720| [9746] Microsoft Windows 2000 HTML Help item parameter buffer overflow
7721| [9625] Microsoft Windows 2000 Narrator allows login information to be audible
7722| [9154] Microsoft Data Engine (MSDE) and Microsoft SQL Server 2000 Desktop Engine have a default blank "
7723| [8867] Microsoft Windows 2000 LanMan denial of service
7724| [8813] Microsoft Windows 2000 Terminal Services allows attacker to bypass group policy settings
7725| [8759] Microsoft Windows 2000 could allow an attacker to block the application of Group Policy settings
7726| [8752] Microsoft Windows NT, 2000, and XP MUP buffer overflow
7727| [8739] Microsoft Windows 2000 DCOM memory leak
7728| [8708] Microsoft Outlook 2000 and 2002 executes embedded script in object tag when replying or forwarding HTML mail
7729| [8402] Microsoft Windows 2000 allows an attacker to bypass password policy
7730| [8307] Microsoft Windows 2000, Windows XP, and Exchange 2000 SMTP data transfer command denial of service
7731| [8304] Microsoft Windows 2000 and Exchange 5.5 SMTP service unauthorized mail privileges
7732| [8254] Microsoft Commerce Server 2000 AuthFilter ISAPI filter buffer overflow
7733| [8199] Microsoft Windows 2000 Terminal Services unlocked client
7734| [8094] Microsoft Windows 2000 and Interix 2.2 Telnet protocol option buffer overflow
7735| [8092] Microsoft Exchange 2000 System Attendant sets incorrect registry permissions
7736| [8043] Microsoft Windows NT, 2000, and XP using NTFS could allow files to be hidden
7737| [8037] Microsoft Windows 2000 empty TCP packet denial of service
7738| [8023] Microsoft Windows NT and Windows 2000 SIDs could allow an attacker to gain elevated privileges in another domain
7739| [7919] Microsoft IIS 4.0 and Norton Internet Security 2001 default permissions could allow an attacker to modify log files
7740| [7667] Microsoft Windows 2000 IKE UDP packet flood denial of service
7741| [7566] Microsoft IIS 2.0 and 3.0 upgraded to Microsoft IIS 4.0 fails to remove the ism.dll file
7742| [7538] Microsoft Windows 2000 and XP Terminal services allow an attacker to spoof IP addresses
7743| [7533] Microsoft Windows 2000 RunAs service denial of service
7744| [7532] Microsoft Windows 2000 RunAs service allows local attacker to bypass pipe authentication
7745| [7531] Microsoft Windows 2000 RunAs service reveals sensitive information
7746| [7528] Microsoft Windows NT and Windows 2000 malformed RPC request denial of service
7747| [7409] Microsoft Windows 2000 and Windows XP GDI denial of service
7748| [7302] Microsoft Windows NT and 2000 Terminal Server malformed RDP packet series denial of service
7749| [7008] Microsoft Windows 2000 IrDA device denial of service
7750| [6977] Microsoft Windows NT and 2000 NNTP memory leak denial of service
7751| [6931] Microsoft Windows 2000 without Service Pack 2
7752| [6919] Microsoft Windows 2000 Task Manager does not terminate malicious files with the same name as a system process
7753| [6912] Microsoft Windows NT and 2000 Terminal Server RDP memory leak denial of service
7754| [6876] Microsoft Windows 2000 could allow an attacker to change network passwords
7755| [6803] Microsoft Windows 2000 SMTP service allows mail relaying
7756| [6745] Microsoft Windows 2000 LDAP function could allow domain user password change
7757| [6669] Microsoft Windows 2000 Telnet system call denial of service
7758| [6668] Microsoft Windows 2000 Telnet handle leak denial of service
7759| [6667] Microsoft Windows 2000 Telnet multiple idle sessions denial of service
7760| [6666] Microsoft Windows 2000 Telnet username denial of service
7761| [6665] Microsoft Windows 2000 Telnet service weak domain authentication
7762| [6664] Microsoft Windows 2000 Telnet service predictable pipe names could allow elevation of privileges
7763| [6652] Microsoft Exchange 2000 OWA script execution
7764| [6590] Microsoft Windows 2000 debug registers allow attacker to gain elevated privileges
7765| [6506] Microsoft Windows 2000 Server Kerberos denial of service
7766| [6443] Microsoft Windows 2000 catalog file could remove installed hotfixes
7767| [6160] Microsoft Windows 2000 event viewer buffer overflow
7768| [6136] Microsoft Windows 2000 domain controller denial of service
7769| [6035] Microsoft Windows 2000 Server RDP denial of service
7770| [5973] Microsoft Windows 2000 EFS allows local user to recover sensitive data
7771| [5936] Microsoft Windows 2000 Server Directory Service Restore Mode allows user to login with blank password
7772| [5800] Microsoft Windows 2000 Index Service ActiveX controls allow unauthorized access to file information
7773| [5623] Microsoft Windows NT and 2000 Phone Book service buffer overflow
7774| [5598] Microsoft Windows 2000 Telnet daemon could allow a denial of service
7775| [5585] Microsoft Windows 2000 brute force attack
7776| [5502] Microsoft Windows 2000 Indexing Services ixsso.query
7777| [5467] Microsoft Windows 2000 System Monitor ActiveX control buffer overflow
7778| [5399] Microsoft Windows NT and 2000 Network Monitor buffer overflow
7779| [5301] Microsoft Windows 2000 Simplified Chinese IME State Recognition
7780| [5263] Microsoft Office 2000 executes .dll without users knowledge
7781| [5242] Microsoft Windows 2000 Telnet client NTLM authentication weakness
7782| [5222] Microsoft Windows 2000 malformed RPC packet denial of service
7783| [5203] Microsoft Windows 2000 still image service
7784| [5171] Microsoft Windows 2000 Local Security Policy corruption
7785| [5080] Microsoft Office 2000 HTML object tag buffer overflow
7786| [5033] Microsoft Windows 2000 without Service Pack 1
7787| [5031] Microsoft Windows 2000 Service Control Manager named pipe could allow a unauthorized user to gain privileges
7788| [5015] Microsoft Windows NT and 2000 executable path
7789| [4887] Microsoft Windows 2000 Kerberos ticket renewed
7790| [4886] Microsoft Windows 2000 logon session reconnected
7791| [4885] Microsoft Windows 2000 logon session disconnected
7792| [4882] Microsoft Windows 2000 Kerberos pre-authentication failed
7793| [4873] Microsoft Windows 2000 user account mapped for logon
7794| [4872] Microsoft Windows 2000 account logon failed
7795| [4871] Microsoft Windows 2000 account used for logon
7796| [4855] Microsoft Windows 2000 group type change
7797| [4842] Microsoft Internet Explorer and Microsoft Powerpoint 2000 ActiveX object execution
7798| [4841] Microsoft Internet Explorer and Microsoft Access 2000 VBA code execution
7799| [4823] Microsoft Windows 2000 Telnet server binary stream denial of service
7800| [4819] Microsoft Windows 2000 default SYSKEY configuration
7801| [4787] Microsoft Windows 2000 user account locked out
7802| [4786] Microsoft Windows 2000 computer account created
7803| [4785] Microsoft Windows 2000 computer account changed
7804| [4784] Microsoft Windows 2000 computer account deleted
7805| [4714] Microsoft Windows 2000 "
7806| [4589] Microsoft Windows 2000 protected store can be compromised by brute force attack
7807| [4278] Microsoft Windows 2000 unattended install does not secure All Users profile
7808| [4138] Microsoft Windows 2000 system file integrity feature is disabled
7809| [4086] Microsoft Windows 2000 may not start Jaz drives correctly
7810| [4085] Microsoft Windows 2000 non-Gregorial calendar error
7811| [4084] Microsoft Windows 2000 may prevent Adobe FrameMaker files from being saved in some formats
7812| [4083] Microsoft Windows 2000 Terminal Services may damage Office files saved as HTML
7813| [4082] Microsoft Windows 2000 and Iomega parallel port drives display error
7814| [4080] Microsoft Windows 2000 AOL image support
7815| [4079] Microsoft Windows 2000 High Encryption Pack
7816| [3854] Microsoft Office 2000 security setting
7817| [1376] Microsoft Proxy 2.0 denial of service
7818| [86256] Microsoft Windows Knowledge Base Article 2876063 update is not installed
7819| [86097] Microsoft Windows Knowledge Base Article 2859537 update is not installed
7820| [86091] Microsoft Windows Knowledge Base Article 2868623 update is not installed
7821| [86089] Microsoft Windows Knowledge Base Article 2862772 update is not installed
7822| [86075] Microsoft Windows Knowledge Base Article 2850869 update is not installed
7823| [86073] Microsoft Windows Knowledge Base Article 2873872 update is not installed
7824| [86070] Microsoft Windows Knowledge Base Article 2849568 update is not installed
7825| [85245] Microsoft Windows Knowledge Base Article 2848295 update is not installed
7826| [85244] Microsoft Windows Knowledge Base Article 2847927 update is not installed
7827| [85243] Microsoft Windows Knowledge Base Article 2861561 update is not installed
7828| [85236] Microsoft Windows Knowledge Base Article 2850851 update is not installed
7829| [85227] Microsoft Windows Knowledge Base Article 2847883 update is not installed
7830| [85223] Microsoft Windows Knowledge Base Article 2846071 update is not installed
7831| [85205] Microsoft Windows Knowledge Base Article 2845187 update is not installed
7832| [84621] Microsoft Windows Knowledge Base Article 2845690 update is not installed
7833| [84619] Microsoft Windows Knowledge Base Article 2839894 update is not installed
7834| [84617] Microsoft Windows Knowledge Base Article 2839571 update is not installed
7835| [84615] Microsoft Windows Knowledge Base Article 2839229 update is not installed
7836| [84613] Microsoft Windows Knowledge Base Article 2838727 update is not installed
7837| [84156] Microsoft Windows Knowledge Base Article 2847204 update is not installed
7838| [83912] Microsoft Windows Knowledge Base Article 2829254 update is not installed
7839| [83910] Microsoft Windows Knowledge Base Article 2829530 update is not installed
7840| [83898] Microsoft Windows Knowledge Base Article 2830397 update is not installed
7841| [83886] Microsoft Windows Knowledge Base Article 2830399 update is not installed
7842| [83884] Microsoft Windows Knowledge Base Article 2834692 update is not installed
7843| [83882] Microsoft Windows Knowledge Base Article 2834695 update is not installed
7844| [83880] Microsoft Windows Knowledge Base Article 2836440 update is not installed
7845| [83876] Microsoft Windows Knowledge Base Article 2840221 update is not installed
7846| [83192] Microsoft Windows Knowledge Base Article 2817183 update is not installed
7847| [83100] Microsoft Windows Knowledge Base Article 2830914 update is not installed
7848| [83098] Microsoft Windows Knowledge Base Article 2829996 update is not installed
7849| [83093] Microsoft Windows Knowledge Base Article 2828223 update is not installed
7850| [83091] Microsoft Windows Knowledge Base Article 2813170 update is not installed
7851| [83088] Microsoft Windows Knowledge Base Article 2827663 update is not installed
7852| [83086] Microsoft Windows Knowledge Base Article 2823482 update is not installed
7853| [83084] Microsoft Windows Knowledge Base Article 2821818 update is not installed
7854| [83082] Microsoft Windows Knowledge Base Article 2820917 update is not installed
7855| [82600] Microsoft Windows Knowledge Base Article 2813707 update is not installed
7856| [82424] Microsoft Windows Knowledge Base Article 2814124 update is not installed
7857| [82422] Microsoft Windows Knowledge Base Article 2780176 update is not installed
7858| [82401] Microsoft Windows Knowledge Base Article 2813682 update is not installed
7859| [82399] Microsoft Windows Knowledge Base Article 2816264 update is not installed
7860| [81683] Microsoft Windows Knowledge Base Article 2780091 update is not installed
7861| [81681] Microsoft Windows Knowledge Base Article 2784242 update is not installed
7862| [81680] Microsoft Windows Knowledge Base Article 2790113 update is not installed
7863| [81678] Microsoft Windows Knowledge Base Article 2790655 update is not installed
7864| [81676] Microsoft Windows Knowledge Base Article 2790978 update is not installed
7865| [81674] Microsoft Windows Knowledge Base Article 2797052 update is not installed
7866| [81672] Microsoft Windows Knowledge Base Article 2799494 update is not installed
7867| [81666] Microsoft Windows Knowledge Base Article 2778344 update is not installed
7868| [81634] Microsoft Windows Knowledge Base Article 2792100 update is not installed
7869| [81339] Microsoft Windows Knowledge Base Article 2799329 update is not installed
7870| [80875] Microsoft Windows Knowledge Base Article 2756145 update is not installed
7871| [80872] Microsoft Windows Knowledge Base Article 2769324 update is not installed
7872| [80867] Microsoft Windows Knowledge Base Article 2769327 update is not installed
7873| [80865] Microsoft Windows Knowledge Base Article 2769369 update is not installed
7874| [80863] Microsoft Windows Knowledge Base Article 2778930 update is not installed
7875| [80861] Microsoft Windows Knowledge Base Article 2785220 update is not installed
7876| [80365] Microsoft Windows Knowledge Base Article 2761465 update is not installed
7877| [80360] Microsoft Windows Knowledge Base Article 2765809 update is not installed
7878| [80358] Microsoft Windows Knowledge Base Article 2770660 update is not installed
7879| [80356] Microsoft Windows Knowledge Base Article 2780642 update is not installed
7880| [80352] Microsoft Windows Knowledge Base Article 2783534 update is not installed
7881| [80349] Microsoft Windows Knowledge Base Article 2784126 update is not installed
7882| [79693] Microsoft Windows Knowledge Base Article 2745030 update is not installed
7883| [79687] Microsoft Windows Knowledge Base Article 2761451 update is not installed
7884| [79683] Microsoft Windows Knowledge Base Article 2761226 update is not installed
7885| [79679] Microsoft Windows Knowledge Base Article 2758857 update is not installed
7886| [79677] Microsoft Windows Knowledge Base Article 2727528 update is not installed
7887| [78864] Microsoft Windows Knowledge Base Article 2754670 update is not installed
7888| [78862] Microsoft Windows Knowledge Base Article 2743555 update is not installed
7889| [78858] Microsoft Windows Knowledge Base Article 2754849 update is not installed
7890| [78856] Microsoft Windows Knowledge Base Article 2724197 update is not installed
7891| [78853] Microsoft Windows Knowledge Base Article 2741517 update is not installed
7892| [78851] Microsoft Windows Knowledge Base Article 2742319 update is not installed
7893| [78848] Microsoft Windows Knowledge Base Article 2742321 update is not installed
7894| [78760] Microsoft Windows Knowledge Base Article 2744842 update is not installed
7895| [78077] Microsoft Windows Knowledge Base Article 2741528 update is not installed
7896| [78075] Microsoft Windows Knowledge Base Article 2720184 update is not installed
7897| [78071] Microsoft Windows Knowledge Base Article 2748552 update is not installed
7898| [77512] Microsoft Windows Knowledge Base Article 2740358 update is not installed
7899| [77362] Microsoft Windows Knowledge Base Article 2733918 update is not installed
7900| [77360] Microsoft Windows Knowledge Base Article 2733829 update is not installed
7901| [77357] Microsoft Windows Knowledge Base Article 2733594 update is not installed
7902| [77352] Microsoft Windows Knowledge Base Article 2731879 update is not installed
7903| [77350] Microsoft Windows Knowledge Base Article 2731847 update is not installed
7904| [77348] Microsoft Windows Knowledge Base Article 2723135 update is not installed
7905| [77346] Microsoft Windows Knowledge Base Article 2722913 update is not installed
7906| [77342] Microsoft Windows Knowledge Base Article 2720573 update is not installed
7907| [77325] Microsoft Windows Knowledge Base Article 2719584 update is not installed
7908| [76808] Microsoft Windows Knowledge Base Article 2721015 update is not installed
7909| [76725] Microsoft Windows Knowledge Base Article 2722479 update is not installed
7910| [76724] Microsoft Windows Knowledge Base Article 2719177 update is not installed
7911| [76721] Microsoft Windows Knowledge Base Article 2718523 update is not installed
7912| [76718] Microsoft Windows Knowledge Base Article 2698365 update is not installed
7913| [76711] Microsoft Windows Knowledge Base Article 2695502 update is not installed
7914| [76704] Microsoft Windows Knowledge Base Article 2691442 update is not installed
7915| [76702] Microsoft Windows Knowledge Base Article 2655992 update is not installed
7916| [75963] Microsoft Windows Knowledge Base Article 2699988 update is not installed
7917| [75939] Microsoft Windows Knowledge Base Article 2685939 update is not installed
7918| [75928] Microsoft Windows Knowledge Base Article 2711167 update is not installed
7919| [75136] Microsoft Windows Knowledge Base Article 2693777 update is not installed
7920| [75132] Microsoft Windows Knowledge Base Article 2690533 update is not installed
7921| [75130] Microsoft Windows Knowledge Base Article 2688338 update is not installed
7922| [75127] Microsoft Windows Knowledge Base Article 2681578 update is not installed
7923| [75123] Microsoft Windows Knowledge Base Article 2680352 update is not installed
7924| [75116] Microsoft Windows Knowledge Base Article 2597981 update is not installed
7925| [74556] Microsoft Windows Knowledge Base Article 2639185 update is not installed
7926| [74384] Microsoft Windows Knowledge Base Article 2675157 update is not installed
7927| [74378] Microsoft Windows Knowledge Base Article 2671605 update is not installed
7928| [74373] Microsoft Windows Knowledge Base Article 2664258 update is not installed
7929| [74369] Microsoft Windows Knowledge Base Article 2663860 update is not installed
7930| [73543] Microsoft Windows Knowledge Base Article 2671387 update is not installed
7931| [73540] Microsoft Windows Knowledge Base Article 2665364 update is not installed
7932| [73538] Microsoft Windows Knowledge Base Article 2651019 update is not installed
7933| [73536] Microsoft Windows Knowledge Base Article 2651018 update is not installed
7934| [73533] Microsoft Windows Knowledge Base Article 2647170 update is not installed
7935| [73530] Microsoft Windows Knowledge Base Article 2641653 update is not installed
7936| [72887] Microsoft Windows Knowledge Base Article 2663841 update is not installed
7937| [72873] Microsoft Windows Knowledge Base Article 2663830 update is not installed
7938| [72867] Microsoft Windows Knowledge Base Article 2663510 update is not installed
7939| [72857] Microsoft Windows Knowledge Base Article 2661637 update is not installed
7940| [72855] Microsoft Windows Knowledge Base Article 2660465 update is not installed
7941| [72853] Microsoft Windows Knowledge Base Article 2653956 update is not installed
7942| [72851] Microsoft Windows Knowledge Base Article 2654428 update is not installed
7943| [72849] Microsoft Windows Knowledge Base Article 2651026 update is not installed
7944| [72846] Microsoft Windows Knowledge Base Article 2647516 update is not installed
7945| [72841] Microsoft Windows Knowledge Base Article 2645640 update is not installed
7946| [72838] Microsoft Windows Knowledge Base Article 2643719 update is not installed
7947| [72029] Microsoft Windows Knowledge Base Article 2638420 update is not installed
7948| [72003] Microsoft Windows Knowledge Base Article 2646524 update is not installed
7949| [71998] Microsoft Windows Knowledge Base Article 2644615 update is not installed
7950| [71995] Microsoft Windows Knowledge Base Article 2643584 update is not installed
7951| [71994] Microsoft Windows Knowledge Base Article 2636391 update is not installed
7952| [71565] Microsoft Windows Knowledge Base Article 2648048 update is not installed
7953| [71562] Microsoft Windows Knowledge Base Article 2640241 update is not installed
7954| [71560] Microsoft Windows Knowledge Base Article 2640045 update is not installed
7955| [71558] Microsoft Windows Knowledge Base Article 2639417 update is not installed
7956| [71557] Microsoft Windows Knowledge Base Article 2639142 update is not installed
7957| [71554] Microsoft Windows Knowledge Base Article 2633171 update is not installed
7958| [71552] Microsoft Windows Knowledge Base Article 2624667 update is not installed
7959| [71550] Microsoft Windows Knowledge Base Article 2620712 update is not installed
7960| [71548] Microsoft Windows Knowledge Base Article 2618451 update is not installed
7961| [71546] Microsoft Windows Knowledge Base Article 2618444 update is not installed
7962| [71538] Microsoft Windows Knowledge Base Article 2590602 update is not installed
7963| [70951] Microsoft Windows Knowledge Base Article 2630837 update is not installed
7964| [70949] Microsoft Windows Knowledge Base Article 2620704 update is not installed
7965| [70947] Microsoft Windows Knowledge Base Article 2617657 update is not installed
7966| [70943] Microsoft Windows Knowledge Base Article 2588516 update is not installed
7967| [70152] Microsoft Windows Knowledge Base Article 2623699 update is not installed
7968| [70140] Microsoft Windows Knowledge Base Article 2652016 update is not installed
7969| [70130] Microsoft Windows Knowledge Base Article 2586448 update is not installed
7970| [70115] Microsoft Windows Knowledge Base Article 2567053 update is not installed
7971| [69501] Microsoft Windows Knowledge Base Article 2587634 update is not installed
7972| [69498] Microsoft Windows Knowledge Base Article 2587505 update is not installed
7973| [69492] Microsoft Windows Knowledge Base Article 2571621 update is not installed
7974| [69490] Microsoft Windows Knowledge Base Article 2570947 update is not installed
7975| [68840] Microsoft Windows Knowledge Base Article 2451858 update is not installed
7976| [68833] Microsoft Windows Knowledge Base Article 2567943 update is not installed
7977| [68831] Microsoft Windows Knowledge Base Article 2570222 update is not installed
7978| [68829] Microsoft Windows Knowledge Base Article 2567951 update is not installed
7979| [68827] Microsoft Windows Knowledge Base Article 2578230 update is not installed
7980| [68825] Microsoft Windows Knowledge Base Article 2546250 update is not installed
7981| [68823] Microsoft Windows Knowledge Base Article 2559049 update is not installed
7982| [68816] Microsoft Windows Knowledge Base Article 2556532 update is not installed
7983| [68814] Microsoft Windows Knowledge Base Article 2560656 update is not installed
7984| [68812] Microsoft Windows Knowledge Base Article 2560978 update is not installed
7985| [68809] Microsoft Windows Knowledge Base Article 2562485 update is not installed
7986| [68806] Microsoft Windows Knowledge Base Article 2566454 update is not installed
7987| [68804] Microsoft Windows Knowledge Base Article 2563894 update is not installed
7988| [68801] Microsoft Windows Knowledge Base Article 2567680 update is not installed
7989| [68315] Microsoft Windows Knowledge Base Article 2555917 update is not installed
7990| [68299] Microsoft Windows Knowledge Base Article 2566220 update is not installed
7991| [68283] Microsoft Windows Knowledge Base Article 2560847 update is not installed
7992| [67955] Microsoft Windows Knowledge Base Article 2530548 update is not installed
7993| [67943] Microsoft Windows Knowledge Base Article 2544521 update is not installed
7994| [67762] Microsoft Windows Knowledge Base Article 2543893 update is not installed
7995| [67759] Microsoft Windows Knowledge Base Article 2544893 update is not installed
7996| [67757] Microsoft Windows Knowledge Base Article 2476490 update is not installed
7997| [67753] Microsoft Windows Knowledge Base Article 2514842 update is not installed
7998| [67751] Microsoft Windows Knowledge Base Article 2518295 update is not installed
7999| [67737] Microsoft Windows Knowledge Base Article 2520426 update is not installed
8000| [67733] Microsoft Windows Knowledge Base Article 2525694 update is not installed
8001| [67731] Microsoft Windows Knowledge Base Article 2525835 update is not installed
8002| [67728] Microsoft Windows Knowledge Base Article 2535512 update is not installed
8003| [67725] Microsoft Windows Knowledge Base Article 2536275 update is not installed
8004| [67722] Microsoft Windows Knowledge Base Article 2536276 update is not installed
8005| [67718] Microsoft Windows Knowledge Base Article 2537146 update is not installed
8006| [67709] Microsoft Windows Knowledge Base Article 2538814 update is not installed
8007| [67302] Microsoft Windows Knowledge Base Article 2545814 update is not installed
8008| [67101] Microsoft Windows Knowledge Base Article 2524426 update is not installed
8009| [66446] Microsoft Windows Knowledge Base Article 2514666 update is not installed
8010| [66444] Microsoft Windows Knowledge Base Article 2511455 update is not installed
8011| [66436] Microsoft Windows Knowledge Base Article 2497640 update is not installed
8012| [66432] Microsoft Windows Knowledge Base Article 2527308 update is not installed
8013| [66428] Microsoft Windows Knowledge Base Article 2489979 update is not installed
8014| [66423] Microsoft Windows kernel-mode driver (win32k.sys) variant 29 privilege escalation
8015| [66422] Microsoft Windows kernel-mode driver (win32k.sys) variant 28 privilege escalation
8016| [66421] Microsoft Windows kernel-mode driver (win32k.sys) variant 27 privilege escalation
8017| [66420] Microsoft Windows kernel-mode driver (win32k.sys) variant 26 privilege escalation
8018| [66419] Microsoft Windows kernel-mode driver (win32k.sys) variant 25 privilege escalation
8019| [66418] Microsoft Windows kernel-mode driver (win32k.sys) variant 24 privilege escalation
8020| [66417] Microsoft Windows kernel-mode driver (win32k.sys) variant 23 privilege escalation
8021| [66416] Microsoft Windows kernel-mode driver (win32k.sys) variant 22 privilege escalation
8022| [66415] Microsoft Windows kernel-mode driver (win32k.sys) variant 21 privilege escalation
8023| [66414] Microsoft Windows kernel-mode driver (win32k.sys) variant 20 privilege escalation
8024| [66396] Microsoft Windows kernel-mode driver (win32k.sys) variant 2 privilege escalation
8025| [66394] Microsoft Windows Knowledge Base Article 2485663 update is not installed
8026| [65588] Microsoft Windows Knowledge Base Article 2489279 update is not installed
8027| [65581] Microsoft Windows Knowledge Base Article 2510030 update is not installed
8028| [65580] Microsoft Windows Knowledge Base Article 2489283 update is not installed
8029| [65575] Microsoft Windows Knowledge Base Article 2489293 update is not installed
8030| [65573] Microsoft Windows Knowledge Base Article 2494047 update is not installed
8031| [64973] Microsoft Windows Knowledge Base Article 2478960 update is not installed
8032| [64971] Microsoft Windows Knowledge Base Article 2479628 update is not installed
8033| [64927] Microsoft Windows Knowledge Base Article 2393802 update is not installed
8034| [64925] Microsoft Windows Knowledge Base Article 2451879 update is not installed
8035| [64920] Microsoft Windows Knowledge Base Article 2475792 update is not installed
8036| [64918] Microsoft Windows Knowledge Base Article 2476687 update is not installed
8037| [64916] Microsoft Windows Knowledge Base Article 2478953 update is not installed
8038| [64914] Microsoft Windows Knowledge Base Article 2482017 update is not installed
8039| [64910] Microsoft Windows Knowledge Base Article 2483185 update is not installed
8040| [64909] Microsoft Windows Knowledge Base Article 2484015 update is not installed
8041| [64907] Microsoft Windows Knowledge Base Article 2485376 update is not installed
8042| [64905] Microsoft Windows Knowledge Base Article 2489256 update is not installed
8043| [64902] Microsoft Windows Knowledge Base Article 2496930 update is not installed
8044| [64342] Microsoft Windows Knowledge Base Article 2451910 update is not installed
8045| [64339] Microsoft Windows Knowledge Base Article 2478935 update is not installed
8046| [63584] Microsoft Windows Knowledge Base Article 2424434 update is not installed
8047| [63582] Microsoft Windows Knowledge Base Article 2423089 update is not installed
8048| [63580] Microsoft Windows Knowledge Base Article 2436673 update is not installed
8049| [63571] Microsoft Windows Knowledge Base Article 2440591 update is not installed
8050| [63569] Microsoft Windows Knowledge Base Article 2385678 update is not installed
8051| [63566] Microsoft Windows Knowledge Base Article 2442962 update is not installed
8052| [63564] Microsoft Windows Knowledge Base Article 2345316 update is not installed
8053| [63562] Microsoft Windows Knowledge Base Article 2296199 update is not installed
8054| [63558] Microsoft Windows Knowledge Base Article 2416400 update is not installed
8055| [63550] Microsoft Windows Knowledge Base Article 2447961 update is not installed
8056| [63548] Microsoft Windows Knowledge Base Article 2443105 update is not installed
8057| [63546] Microsoft Windows Knowledge Base Article 2455005 update is not installed
8058| [63544] Microsoft Windows Knowledge Base Article 2292970 update is not installed
8059| [62805] Microsoft Windows Knowledge Base Article 2316074 update is not installed
8060| [62793] Microsoft Windows Knowledge Base Article 2293386 update is not installed
8061| [62789] Microsoft Windows Knowledge Base Article 2423930 update is not installed
8062| [62170] Microsoft Windows Knowledge Base Article 2296011 update is not installed
8063| [62166] Microsoft Windows Knowledge Base Article 2294255 update is not installed
8064| [62163] Microsoft Windows Knowledge Base Article 2281679 update is not installed
8065| [62154] Microsoft Windows Knowledge Base Article 2279986 update is not installed
8066| [62147] Microsoft Windows Knowledge Base Article 2160841 update is not installed
8067| [62134] Microsoft Windows Knowledge Base Article 2412048 update is not installed
8068| [62129] Microsoft Windows Knowledge Base Article 2387149 update is not installed
8069| [62126] Microsoft Windows Knowledge Base Article 2378111 update is not installed
8070| [62123] Microsoft Windows Knowledge Base Article 2360937 update is not installed
8071| [62118] Microsoft Windows Knowledge Base Article 2293211 update is not installed
8072| [62104] Microsoft Windows Knowledge Base Article 2360131 update is not installed
8073| [62098] Microsoft Windows Knowledge Base Article 2293194 update is not installed
8074| [62069] Microsoft Windows Knowledge Base Article 2418042 update is not installed
8075| [61519] Microsoft Windows Knowledge Base Article 2121546 update is not installed
8076| [61517] Microsoft Windows Knowledge Base Article 2259922 update is not installed
8077| [61514] Microsoft Windows Knowledge Base Article 2267960 update is not installed
8078| [61510] Microsoft Windows Knowledge Base Article 2315011 update is not installed
8079| [61507] Microsoft Windows Knowledge Base Article 2320113 update is not installed
8080| [61504] Microsoft Windows Knowledge Base Article 2347290 update is not installed
8081| [60736] Microsoft Windows Knowledge Base Article 2265906 update is not installed
8082| [60734] Microsoft Windows Knowledge Base Article 2269638 update is not installed
8083| [60728] Microsoft Windows Knowledge Base Article 2269707 update is not installed
8084| [60724] Microsoft Windows Knowledge Base Article 2286198 update is not installed
8085| [60713] Microsoft Windows Knowledge Base Article 2183461 update is not installed
8086| [60698] Microsoft Windows Knowledge Base Article 2160329 update is not installed
8087| [60686] Microsoft Windows Knowledge Base Article 2115168 update is not installed
8088| [60684] Microsoft Windows Knowledge Base Article 2079403 update is not installed
8089| [60680] Microsoft Windows Knowledge Base Article 2264072 update is not installed
8090| [59901] Microsoft Windows Knowledge Base Article 2229593 update is not installed
8091| [59898] Microsoft Windows Knowledge Base Article 2229593 update is not installed
8092| [58913] Microsoft Windows Knowledge Base Article 2027452 update is not installed
8093| [58891] Microsoft Windows Knowledge Base Article 2028554 update is not installed
8094| [17004] Microsoft Windows XP Service Pack 2 is not installed on the system
8095| [9187] Microsoft Passport SDK 2.1 Component Configuration Document (CCD) permission
8096| [9146] Microsoft Passport SDK 2.1 events reporting disabled
8097| [9068] Microsoft Passport SDK 2.1 registry default permission exposure
8098| [9067] Microsoft Passport SDK 2.1 default test site exposure
8099| [9066] Microsoft Passport SDK 2.1 Adventure Works Sample Site exposure
8100| [9065] Microsoft Passport SDK 2.1 Adventure Works Sample Site global.asa file default permission exposure
8101| [9064] Microsoft Passport SDK 2.1 default time window exposure
8102| [1271] Microsoft IIS version 2 installed
8103| [621] Microsoft IIS 3.0 script source revealed by appending 2E to requests
8104|
8105| Exploit-DB - https://www.exploit-db.com:
8106| [30756] Microsoft Forms 2.0 ActiveX Control 2.0 Memory Access Violation Denial of Service Vulnerabilities
8107| [30749] Microsoft Office 2003 Web Component Memory Access Violation Denial of Service Vulnerability
8108| [30636] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (2)
8109| [30635] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (1)
8110| [30281] Microsoft .Net Framework <= 2.0 - Multiple Null Byte Injection Vulnerabilities
8111| [29664] Microsoft Office Publisher 2007 - Remote Denial of Service (DoS) Vulnerability
8112| [29660] Microsoft Office 2003 - Denial of Service (DoS) Vulnerability
8113| [29630] Microsoft Windows 2003/XP ReadDirectoryChangesW Information Disclosure Vulnerability
8114| [29524] Microsoft Word 2000 - Malformed Function Code Execution Vulnerability
8115| [28420] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
8116| [28357] Microsoft Windows Explorer 2000/2003/XP Drag and Drop Remote Code Execution Vulnerability
8117| [28227] Microsoft Windows 2000/XP Registry Access Local Denial of Service Vulnerability
8118| [28226] Microsoft PowerPoint 2003 PPT File Closure Memory Corruption
8119| [28225] Microsoft PowerPoint 2003 powerpnt.exe Unspecified Issue
8120| [28224] Microsoft PowerPoint 2003 mso.dll PPT Processing Unspecified Code Execution
8121| [28198] Microsoft Office 2000/2002 Property Code Execution Vulnerability
8122| [28189] Microsoft Excel 2000-2004 Style Handling and Repair Remote Code Execution Vulnerability
8123| [28087] Microsoft Office 2003 Embedded Shockwave Flash Object Security Bypass Weakness
8124| [28005] Microsoft Exchange Server 2000/2003 Outlook Web Access Script Injection Vulnerability
8125| [26690] Microsoft Windows 2000/2003/XP CreateRemoteThread Local Denial of Service Vulnerability
8126| [26517] Microsoft Office PowerPoint 2007 - Crash PoC
8127| [26341] Microsoft Windows 2000/2003/XP MSDTC TIP Denial of Service Vulnerability
8128| [26222] Microsoft Windows 2000/2003/XP Keyboard Event Privilege Escalation Weakness
8129| [25384] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (2)
8130| [25383] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (1)
8131| [25231] Microsoft Windows 2000/2003/XP Graphical Device Interface Library Denial of Service Vulnerability
8132| [25085] Microsoft Office XP 2000/2002 HTML Link Processing Remote Buffer Overflow Vulnerability
8133| [25084] Microsoft Outlook 2003 Web Access Login Form Remote URI Redirection Vulnerability
8134| [25050] Microsoft Windows 2000/2003/XP winhlp32 Phrase Heap Overflow Vulnerability
8135| [25049] Microsoft Windows 2000/2003/XP winhlp32 Phrase Integer Overflow Vulnerability
8136| [24686] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
8137| [24277] Microsoft Windows 2000/NT 4 POSIX Subsystem Buffer Overflow Local Privilege Escalation Vulnerability
8138| [24114] Microsoft Outlook 2003Mail Client E-mail Address Verification Weakness
8139| [24101] Microsoft Outlook 2003 Predictable File Location Weakness
8140| [23989] Microsoft Windows 2000/NT 4 Local Descriptor Table Local Privilege Escalation Vulnerability
8141| [23796] Microsoft Outlook 2002 Mailto Parameter Quoting Zone Bypass Vulnerability
8142| [23019] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
8143| [22919] Microsoft ISA Server 2000 Cross-Site Scripting Vulnerabilities
8144| [22883] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (2)
8145| [22882] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (1)
8146| [22837] Microsoft Windows 2000/NT 4 Media Services NSIISlog.DLL Remote Buffer Overflow
8147| [22782] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
8148| [22591] Microsoft Office Excel 2007 - WriteAV Crash PoC
8149| [22555] Microsoft BizTalk Server 2000/2002 DTA RawCustomSearchField.asp SQL Injection
8150| [22554] Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability
8151| [22553] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
8152| [22528] Microsoft Windows 2000 RegEdit.EXE Registry Key Value Buffer Overflow Vulnerability
8153| [22354] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
8154| [21920] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
8155| [21718] Microsoft SQL 2000/7.0 Agent Jobs Privilege Elevation Vulnerability
8156| [21693] Microsoft SQL Server 2000 User Authentication Remote Buffer Overflow Vulnerability
8157| [21652] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
8158| [21651] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
8159| [21650] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
8160| [21549] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
8161| [21541] Microsoft SQL Server 2000 SQLXML Script Injection Vulnerability
8162| [21540] Microsoft SQL Server 2000 SQLXML Buffer Overflow Vulnerability
8163| [21389] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (2)
8164| [21388] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (1)
8165| [21344] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
8166| [21258] Microsoft Windows 2000/NT 4 NTFS File Hiding Vulnerability
8167| [21246] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (2)
8168| [21245] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (1)
8169| [21172] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (2)
8170| [21171] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (1)
8171| [21131] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
8172| [21123] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
8173| [21113] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
8174| [21099] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
8175| [21069] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
8176| [20907] Microsoft Windows 2000 Telnet Username DoS Vulnerability
8177| [20802] Microsoft IIS 2.0/3.0 Long URL Denial of Service Vulnerability
8178| [20763] Microsoft ISA Server 2000 Web Proxy DoS Vulnerability
8179| [20571] Microsoft Outlook 2000 0/98 0/Express 5.5 Concealed Attachment Vulnerability
8180| [20481] Microsoft IIS 2.0/3.0 Appended Dot Script Source Disclosure Vulnerability
8181| [20399] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
8182| [20335] Microsoft Indexing Services for Windows 2000/NT 4.0 .htw Cross-Site Scripting Vulnerability
8183| [20305] Microsoft Site Server 2.0 with IIS 4.0 - File Upload Vulnerability
8184| [20265] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
8185| [20257] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
8186| [20255] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
8187| [20222] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
8188| [20209] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
8189| [20133] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
8190| [20122] Microsoft Office SharePoint Server 2007 Remote Code Execution
8191| [20096] Microsoft IIS 2.0/3.0/4.0/5.0/5.1 Internal IP Address Disclosure Vulnerability
8192| [20048] Microsoft Windows 2000 Remote CPU-overload Vulnerability
8193| [20047] Microsoft Windows 2000 Telnet Server DoS Vulnerability
8194| [19830] Microsoft Index Server 2.0 '%20' ASP Source Disclosure Vulnerability
8195| [19742] microsoft iis 3.0/4.0,microsoft index server 2.0 - Directory Traversal
8196| [19734] Microsoft Virtual Machine 2000 Series/3000 Series getSystemResource Vulnerability
8197| [19731] microsoft index server 2.0/indexing services for windows 2000 - Directory Traversal
8198| [19728] Microsoft Systems Management Server 2.0 Default Permissions Vulnerability
8199| [19425] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (2)
8200| [19424] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (1)
8201| [19376] Microsoft IIS 2.0/3.0/4.0 ISAPI GetExtensionVersion() Vulnerability
8202| [19143] "Microsoft Windows ""April Fools 2001"" Vulnerability"
8203| [19118] Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability
8204| [18334] Microsoft Office 2003 Home/Pro 0day
8205| [18087] MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
8206| [18078] Microsoft Excel 2003 11.8335.8333 Use After Free
8207| [18067] Microsoft Excel 2007 SP2 Buffer Overwrite Exploit
8208| [17305] "Microsoft Windows Vista/Server 2008 ""nsiproxy.sys"" Local Kernel DoS Exploit"
8209| [14971] MOAUB #11 - Microsoft Office Word 2007 sprmCMajority Buffer Overflow
8210| [14782] Microsoft Office PowerPoint 2007 DLL Hijacking Exploit (rpawinet.dll)
8211| [14746] Microsoft Office Groove 2007 DLL Hijacking Exploit (mso.dll)
8212| [14744] Microsoft Visio 2003 DLL Hijacking Exploit (mfc71enu.dll)
8213| [12450] Microsoft SharePoint Server 2007 XSS Vulnerability
8214| [10068] Microsoft Windows 2000-2008 Embedded OpenType Font Engine Remote Code Execution
8215| [4121] Microsoft Excel 2000/2003 Sheet Name Vulnerability PoC
8216| [3973] Microsoft Office 2000 (OUACTRL.OCX 1.0.1.9) - Remote DoS Exploit
8217| [3690] microsoft office word 2007 - Multiple Vulnerabilities
8218| [3260] Microsoft Word 2000 Unspecified Code Execution Exploit (0day)
8219| [2523] Microsoft Office 2003 PPT Local Buffer Overflow PoC
8220| [2091] Microsoft PowerPoint 2003 SP2 Local Code Execution Exploit (french)
8221| [2001] Microsoft Word 2000/2003 Unchecked Boundary Condition Vulnerability
8222| [1999] Microsoft Word 2000/2003 Hlink Local Buffer Overflow Exploit PoC
8223| [1988] Microsoft Excel 2003 Hlink Local Buffer Overflow Exploit (italian)
8224| [1986] Microsoft Excel 2000/2003 Hlink Local Buffer Overflow Exploit (french)
8225| [1958] Microsoft Excel 2003 Hlink Stack/SEH Buffer Overflow Exploit
8226| [28238] Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Vulnerability MS13-067
8227| [23034] Microsoft URLScan 2.5/ RSA Security SecurID 5.0 Configuration Enumeration Weakness
8228| [22850] Microsoft Office OneNote 2010 Crash PoC
8229| [22679] Microsoft Visio 2010 Crash PoC
8230| [22655] Microsoft Publisher 2013 Crash PoC
8231| [22621] Microsoft Netmeeting 2.1/3.0.1 4.4.3385 CALLTO URL Buffer Overflow Vulnerability
8232| [22330] Microsoft Office Excel 2010 Crash PoC
8233| [22310] Microsoft Office Publisher 2010 Crash PoC
8234| [22237] Microsoft Office Picture Manager 2010 Crash PoC
8235| [22215] Microsoft Office Word 2010 Crash PoC
8236| [19451] Microsoft Windows 98 a/98 b/98SE,Solaris 2.6 IRDP Vulnerability
8237| [19440] Microsoft Windows NT 4.0/SP 1/SP 2/Sp 3/SP 4/SP 5 Malformed Dialer Entry Vulnerability
8238| [19372] Microsoft Windows NT 4.0/SP 1/SP 2/SP 3/SP 4/SP 5 Null Session Admin Name Vulnerability
8239| [17164] Microsoft Reader <= 2.1.1.3143 NULL Byte Write
8240| [17163] Microsoft Reader <= 2.1.1.3143 Array Overflow
8241| [17162] Microsoft Reader <= 2.1.1.3143 Integer Overflow
8242| [17161] Microsoft Reader <= 2.1.1.3143 Heap Overflow
8243| [17160] Microsoft Reader <= 2.1.1.3143 Integer Overflow
8244| [14731] Microsoft Windows Movie Maker <= 2.6.4038.0 DLL Hijacking Exploit (hhctrl.ocx)
8245| [14723] Microsoft Power Point 2010 DLL Hijacking Exploit (pptimpconv.dll)
8246|
8247| OpenVAS (Nessus) - http://www.openvas.org:
8248| [902250] Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability
8249| [900125] Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability
8250| [801597] Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
8251| [801596] Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
8252| [801594] Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
8253| [800687] Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability
8254| [800577] Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
8255| [800343] Microsoft Word 2007 Sensitive Information Disclosure Vulnerability
8256| [103254] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
8257| [11992] Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
8258| [902931] Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
8259| [902678] Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
8260| [901210] Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)
8261|
8262| SecurityTracker - https://www.securitytracker.com:
8263| [1015347] Microsoft Windows 2000 Kernel APC Queue Bug Lets Local Users Gain Elevated Privileges
8264| [1013454] Microsoft Office InfoPath 2003 May Disclose System and Authentication Information to Remote Users
8265| [1013284] Microsoft Windows 2000 and XP Group Policy Can Be Bypassed By Microsoft Office Applications and By Flash Drives
8266| [1010687] Microsoft Windows 2000/NT POSIX Subsystem Buffer Overflow Lets Local Users Gain Elevated Privileges
8267| [1010352] Microsoft Windows 2000 Domains With Eight Characters May Let Remote Users With Expired Passwords Login
8268| [1010189] Microsoft Outlook 2003 Scripting Restrictions Can Be Bypassed By Remote Users
8269| [1010125] Microsoft Outlook 2003 Lets Remote Users Send E-mail to Cause the Recipient's Client to Contact a Remote Server
8270| [1009767] Microsoft Windows 2000 Domain Controller LDAP Flaw May Let Remote Users Restart the Authentication Service
8271| [1008324] Microsoft Exchange 2003 With Outlook Web Access and Windows SharePoint Services May Grant Incorrect E-mail Account Access to Remote Authenticated Users
8272| [1007905] Microsoft Windows Server 2003 Shell Folders Can Be Referenced Using Directory Traversal Characters
8273| [1007238] Microsoft Outlook Web Access Can Be Crashed By Remote Authenticated Users With an Outlook 2003 Client
8274| [1007152] Microsoft Windows 2000 Accessibility Utility Manager Lets Local Users Gain Elevated Privileges
8275| [1007099] Microsoft Windows 2000 ShellExecute() Buffer Overflow May Let Users Execute Arbitrary Code
8276| [1007093] Microsoft Active Directory Stack Overflow in 'Lsaas.exe' Lets Remote Users Crash the Windows 2000 Server
8277| [1006959] Microsoft Windows Server 2003 Drivers May Leak Information From Memory Via Ethernet Packets Containing TCP Streams
8278| [1006580] Microsoft Windows 2003 'win2k.sys' Printing Bug Lets Users Crash the System
8279| [1006534] Microsoft Proxy Service in Proxy Server 2.0 Has Unspecified Flaw That Lets Remote Users Stop Traffic
8280| [1006286] Microsoft Windows 2000/XP PostMessage() API Flaw May Let Local Users Grab Passwords from Local Dialog Boxes
8281| [1006280] Protegrity Secure.Data for Microsoft SQL Server 2000 Contains Buffer Oveflows That Let Remote Users Execute Arbitrary Code
8282| [1005254] Microsoft NT, 2000, and XP Operating Systems May Execute a 16-bit Application Even When The File Has No Execute Permissions
8283| [1005068] Microsoft NTFS Filesystem in Windows NT and Windows 2000 Has Auditing Hole That Lets Local Users Access Files Without the File Access Being Audited
8284| [1004587] Microsoft SQL Server 2000 Buffer Overflow in OpenDataSource() Function May Let Remote Users Gain SYSTEM Privileges on the Server
8285| [1004528] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains an Input Validation Flaw in an XML SQL Tag That Allows Cross-Site Scripting Attacks
8286| [1004527] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains a Buffer Overflow That Lets Remote Users Take Full Control of the System
8287| [1004407] Microsoft Exchange 2000 Flaw in Processing a Certain Malformed SMTP Command Allows Remote Users to Deny Service to the Server
8288| [1004357] Microsoft Windows Debugging Facility for Windows NT4 and 2000 Has Authentication Hole That Lets Local Users Execute Arbitrary Code with SYSTEM Privileges
8289| [1004083] Microsoft Windows 2000 'microsoft-ds' Service Flaw Allows Remote Users to Create Denial of Service Conditions By Sending Malformed Packets
8290| [1004022] Microsoft Windows 2000 Group Policy Object Enforcement Can Be Circumvented if User License Limits are Exceeded
8291| [1003975] Microsoft Windows NT, 2000, and XP Kernel Buffer Overflow in Processing Multiple UNC Provider (MUP) Requests May Let Local Users Obtain System Level Privileges
8292| [1003949] Microsoft Windows 2000 DCOM Implementation Flaw May Disclose Memory Contents to Remote Users
8293| [1003816] Microsoft Windows 2000 Automatic Log Off Policy Fails to Expire Sessions in Progress
8294| [1003688] Microsoft Exchange Server 2000 Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
8295| [1003687] Microsoft Windows 2000 and Windows XP SMTP Service Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
8296| [1003634] Microsoft XML Core Services in SQL Server 2000 Lets Remote Scripts Access and Send Local Files
8297| [1003629] Microsoft Commerce Server 2000 AuthFilter Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server With LocalSystem Privileges to Gain Full Control of the Server
8298| [1003472] Microsoft Telnet Server for Windows 2000 and for Interix Has a Buffer Overflow That May Let Remote Users Execute Code on the Server with System Level Privileges
8299| [1003469] Microsoft Exchange 2000 Server Allows Remote Users to View and Possibly Modify Registry Settings
8300| [1003402] Microsoft Windows NT 4.0 and Windows 2000 Domain Controllers May Give Elevated Privileges to Remote Users Who Are Valid Administrators on Other Trusted Domains
8301| [1002922] Microsoft Windows 2000 Internet Key Exchange (IKE) Service Can Be Crashed By Remote Users
8302| [1002754] Terminal Services on Microsoft Windows 2000 and XP Allow Remote Users to Log Bogus IP Addresses Instead of the User's Genuine Address
8303| [1002731] Microsoft Windows 2000 RunAs Service May Disclose Authentication Credentials to Local Users
8304| [1002730] Microsoft Windows 2000 RunAs Utility May Disclose Sensitive Information to Local Users
8305| [1002729] Microsoft Windows 2000 RunAs Service Allows Local Users to Disable the Service
8306| [1002356] Microsoft Outlook 2000 Animated Assistant Prevents the Screen Saver from Activating, Allowing Physically Local Users to Access the System
8307| [1002206] Microsoft Internet Security and Acceleration (ISA) Server 2000 Can Be Disrupted By Remote Users Due to Memory Leaks and Also Allows Cross-Site Scripting Attacks
8308| [1002106] Microsoft Windows 2000 and Windows NT 4.0 RPC Input Validation Failure Lets Remote Users Destabilize the Operating System
8309| [1002099] Microsoft Windows 2000 Telnet Service Can Be Crashed By Remote Users
8310| [1002098] Windows Terminal Services in Microsoft Windows 2000 and NT 4.0 Can Be Crashed By Remote Users Due to a Memory Leak
8311| [1001993] Microsoft Windows 2000, Linux 2.4, NetBSD, FreeBSD, and OpenBSD May Let Remote Users Affect TCP Performance
8312| [1001931] Microsoft Windows 2000 SMTP Service May Allow Unauthorized Remote Users to Relay E-mail via the Service
8313| [1001832] Microsoft Windows 2000 LDAP Server Lets Remote Users Gain Administrator Access to the Domain Controller When Configured to Support LDAP over SSL
8314| [1001701] Microsoft Windows 2000 Telnet Server Allows Local Users to Gain System-Level Privileges and Lets Remote Users Crash the Server
8315| [1001605] Microsoft Windows 2000 Allows Local Users to Elevate Privileges
8316| [1001565] Microsoft IIS Web Server on Windows 2000 Allows Remote Users to Cause the Server to Consume All Available Memory Due to Memory Leak in WebDAV Lock Method
8317| [1001513] Microsoft Windows 2000 Indexing Service Allows Remote Users to View Include Programming Files
8318| [1001501] Microsoft Windows 2000 Domain Controllers Can Be Effectively Halted By Remote Users
8319| [1001464] Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server
8320| [1001240] Microsoft FTP Client for Windows 2000 Still Vulnerable to Executing Arbitrary Code in Limited Situations
8321| [1001088] Microsoft Internet Explorer with Services for Unix 2.0 Can Create Malicious Files on the User's Host
8322|
8323| OSVDB - http://www.osvdb.org:
8324| [90257] Microsoft Windows Server 2003 ICACLS.EXE Permission Inheritance Weakness
8325| [86790] Microsoft Virtual PC 2007 Crafted x86 Instruction Sequence Handling Local DoS
8326| [86061] Microsoft Windows Server 2008 R1 CSRSS ReadConsole / CloseHandle Local DoS
8327| [79442] Microsoft Windows Server 2008 DNS Server Service Cache Update Policy Deleted Domain Name Resolving Weakness
8328| [72670] Microsoft Windows Server 2003 ActiveDirectory BROWSER ELECTION Remote Overflow
8329| [68554] Microsoft Windows Server 2008 Shared Cluster Disks Addition Default Permission Weakness
8330| [62251] Microsoft Windows Server 2008 Hyper-V Crafted Instruction Sequence DoS
8331| [60329] Microsoft Windows 2000 NetBIOS Continuation Packet Remote DoS
8332| [59733] Microsoft Windows 2000 Terminal Services Screensaver Screen Minimization Locking Weakness
8333| [59731] Microsoft Windows 2000 DCOM Client Alter Context Request Remote Information Disclosure
8334| [59730] Microsoft Windows 2000 Terminal Services Disconnect Feature Local Privilege Escalation
8335| [59514] Microsoft Windows 2000 Task Manager Uppercase Process Name Termination Weakness
8336| [59509] Microsoft Windows 2000 Encrypted File System Cleartext Backup File Local Disclosure
8337| [59346] Microsoft Windows 2000 Crafted TCP/UDP Traffic CPU Consumption Remote DoS
8338| [55836] Microsoft ISA Server 2006 Radius OTP Security Bypass
8339| [53663] Microsoft Office Word 2000 WordPerfect 6.x Converter Document Handling Stack Corruption
8340| [50589] Microsoft SQL Server 2000 sp_replwritetovarbin() Stored Procedure Overflow
8341| [37629] Microsoft Windows 2000 RPC Authentication Unspecified Information Disclosure
8342| [37628] Microsoft Windows 2000 RPC Authentication Crafted Request Remote DoS
8343| [36034] Microsoft Office 2000 Controllo ActiveX (OUACTRL.OCX) HelpPopup Method Overflow
8344| [34489] Microsoft Office 2003 Malformed WMF File Handling DoS
8345| [34488] Microsoft Excel 2003 XLS Handling Corrupt Format DoS
8346| [31251] Microsoft Office 2003 Brazilian Portuguese Grammar Checker Arbitrary Code Execution
8347| [29529] Microsoft Windows 2000 creator.dll ActiveX COM Object Memory Corruption
8348| [29528] Microsoft Windows 2000 msdxm.ocx ActiveX COM Object Memory Corruption
8349| [29527] Microsoft Windows 2000 myinfo.dll ActiveX COM Object Memory Corruption
8350| [29526] Microsoft Windows 2000 ciodm.dll ActiveX COM Object Memory Corruption
8351| [28539] Microsoft Word 2000 Unspecified Code Execution
8352| [24121] Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass
8353| [24081] Microsoft Outlook 2003 Unspecified Malformed Word Attachment DoS
8354| [23484] Microsoft SQLServer 2000 sp_addalias Procedure Privileged Alias Creation
8355| [23234] Microsoft SQLServer 2000 Unspecified Invalid Client Buffer DoS
8356| [23231] Microsoft SQL Server 2000 SQL Profiler Multiple Method DoS
8357| [23205] Microsoft SQLServer 2000 Crafted Sort Command User Mode Scheduler (UMS) Bypass DoS
8358| [23203] Microsoft SQL Server 2000 Database Name Transact-SQL Statement Privilege Escalation
8359| [23202] Microsoft SQLServer 2000 sysmembers Virtual Table Query Overflow
8360| [23201] Microsoft SQL Server 2000 Dynamic Transact-SQL Statement Disclosure
8361| [23200] Microsoft SQLServer 2000 Encrypted Stored Procedure Dynamic Query Disclosure
8362| [21907] Microsoft Office InfoPath 2003 Mshtml.dll Form Handling DoS
8363| [21598] Microsoft Windows 2000 NetBIOS Port Malformed TCP Packet Parsing Remote DoS
8364| [20256] Microsoft Windows 2000 NTFS Volume Macintosh Client Directory Permission Modification
8365| [20222] Microsoft Windows 2000 runas.exe Named Pipe Spoofing Information Disclosure
8366| [20221] Microsoft Windows 2000 runas.exe Named Pipe Single Thread DoS
8367| [20220] Microsoft Windows 2000 runas.exe Cleartext Authentication Information Disclosure
8368| [20002] Microsoft Windows 2000 CHKDSK Fix Mode File ACL Failure
8369| [20001] Microsoft Windows 2000 Terminal Service Client Connection IP Logging Failure
8370| [20000] Microsoft Windows 2000 Domain Administrator Computer Lock Bypass
8371| [19999] Microsoft Windows 2000 FQDN Domain Login Password Expiry Bypass
8372| [19998] Microsoft Windows 2000 UPN Credentialed Login Group Policy Failure
8373| [19997] Microsoft Windows 2000 WideCharToMultiByte Function String Termination Issue
8374| [19996] Microsoft Windows 2000 Event ID 1704 Group Policy Failure
8375| [19995] Microsoft Windows 2000 SECEDIT Long Folder ACL Set Issue
8376| [19994] Microsoft Windows 2000 audit directory service access 565 Event Logging Failure
8377| [19993] Microsoft Windows 2000 LDAPS CA Trust Issue
8378| [19264] Microsoft Exchange Server 2003 Crafted IMAP4 Folder Listing Request DoS
8379| [17031] Microsoft ISA Server 2000 SecureNAT Traffic Saturation DoS
8380| [15343] Microsoft Windows Server 2003 Malformed HTTP Cookie Header CGI DoS
8381| [15341] Microsoft Windows Server 2003 SMB Redirector Processing DoS
8382| [15340] Microsoft Windows Server 2003 Terminal Service Client Print DoS
8383| [15338] Microsoft Windows Server 2003 Terminal Session Close DoS
8384| [15337] Microsoft Windows Server 2003 CreateProcessWithLogonW() Function Process Disclosure
8385| [15336] Microsoft Windows Server 2003 Shutdown.exe Shut Down Failure
8386| [15335] Microsoft Windows Server 2003 MIT Kerberos Realm Authentication Group Policy Failure
8387| [15334] Microsoft Windows Server 2003 Shared Folder Permission Weakness
8388| [15333] Microsoft Windows Server 2003 EFS File Copy LDAP Connection DoS
8389| [15332] Microsoft Windows Server 2003 Citrix Metaframe Encryption Policy Failure
8390| [15331] Microsoft Windows Server 2003 Home Folder Path Permission Inheritance Failure
8391| [14617] Microsoft Exchange Server 2003 Folder Handling DoS
8392| [14430] Microsoft Commerce Server 2000 Profile Service Affected API Overflow
8393| [13996] Microsoft Windows 2000 IKE Malformed Packet Saturation Remote DoS
8394| [13762] Microsoft 2000 Domain Controller Directory Service Restore Mode Blank Password
8395| [13761] Microsoft Exchange 2000 Malformed URL Request DoS
8396| [13475] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution Variant
8397| [13474] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution
8398| [13441] Microsoft Windows 2000 Security Interface Change Password Option Account Enumeration
8399| [13437] Microsoft Windows 2000 Debug Register Local Privilege Escalation
8400| [13424] Microsoft Windows 2000 Current Password Change Policy Bypass
8401| [13423] Microsoft Windows 2000 Terminal Server SYSVOL Share Connection Saturation Restriction Bypass
8402| [13415] Microsoft Windows 2000 System Root Folder Search Path Permission Weakness
8403| [13410] Microsoft Windows 2000 Accessibility Utility Manager Arbitrary Code Execution
8404| [11958] Microsoft Outlook 2003 Image Rendering Security Policy Bypass
8405| [11945] Microsoft Outlook 2002 IFRAME Tag Embedded URL
8406| [11944] Microsoft Outlook 2002 HREF Tag Embedded JavaScript Execution
8407| [11750] Microsoft Windows 2000 Message Queue Manager Queue Registration Request Overflow DoS
8408| [11712] Microsoft ISA Server 2000 H.323 Filter Overflow
8409| [10633] Microsoft Windows 2000 Protected Store Weak Encryption Default
8410| [9386] Microsoft Windows 2000 msinfo32.exe msinfo_file Variable Overflow
8411| [8243] Microsoft SMS Port 2702 DoS
8412| [7202] Microsoft PowerPoint 2000 File Loader Overflow
8413| [7179] Microsoft Windows 2000 Event Viewer Snap-in Overflow
8414| [6971] Microsoft ISA Server 2000 ICMP Rule Bypass During Startup
8415| [6970] Microsoft ISA Server 2000 Web Publishing Unencrypted Credentials Disclosure
8416| [6969] Microsoft ISA Server 2000 Invalid DNS Request DoS
8417| [6968] Microsoft ISA Server 2000 FTP Port Scan Bounce Weakness
8418| [6967] Microsoft ISA Server 2000 UDP Packet Winsock DoS
8419| [6965] Microsoft ISA Server 2000 SSL Packet DoS
8420| [6964] Microsoft ISA Server 2000 DNS Intrusion Detection Filter DoS
8421| [6515] Microsoft Windows 2000 Domain Expired Account Authentication
8422| [5179] Microsoft Windows 2000 microsoft-ds DoS
8423| [5171] Microsoft Word 2002 Mail Merge Tool Execute Arbitrary Script
8424| [4779] Microsoft Desktop Engine (MSDE) 2000 Stored Procedure SQL Injection
8425| [4778] Microsoft SQL Server 2000 Stored Procedure SQL Injection
8426| [4777] Microsoft Desktop Engine (MSDE) 2000 Database Consistency Checkers (DBCCs) Overflow
8427| [4776] Microsoft SQL Server 2000 Database Consistency Checkers (DBCCs) 2000 Overflow
8428| [4170] Microsoft Windows 2000 Server Media Services TCP Packet Handling Remote DoS
8429| [4168] Microsoft Outlook 2002 mailto URI Script Injection
8430| [3490] Microsoft Exchange 2003 OWA Mailbox Access Information Disclosure
8431| [2705] Microsoft Windows 2000 Windows Troubleshooter ActiveX Overflow
8432| [2655] Microsoft Windows Server 2003 Shell Folders Arbitrary File Access
8433| [2540] Microsoft Windows 2003 Server Buffer Overflow Protection Mechanism Bypass
8434| [2244] Microsoft Windows 2000 ShellExecute() API Let
8435| [2237] Microsoft Windows 2000 Active Directory Lsass.exe Overflow
8436| [1949] Symantec Norton Anti-Virus for Microsoft Exchange 2000 INBOX Path Information Disclosure
8437| [1764] Microsoft Windows 2000 Domain Controller DoS
8438| [1758] Microsoft Windows 2000 Network DDE Escalated Privileges
8439| [1755] Microsoft Windows 2000 RDP Malformed Packet Handling Remote DoS
8440| [1672] Microsoft Windows 2000 Telnet Session Timeout DoS
8441| [1633] Microsoft Windows 2000 System Monitor ActiveX LogFileName Parameter Validation Overflow
8442| [1621] Microsoft Indexing Services for Windows 2000 .htw XSS
8443| [1591] Microsoft Windows 2000 OEMPreinstall Installation Permission Weakness
8444| [1578] Microsoft Windows 2000 Simplified Chinese IME Local Privilege Escalation
8445| [1500] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow
8446| [1437] Microsoft Windows 2000 Telnet Server Binary Zero Parsing Remote DoS
8447| [1399] Microsoft Windows 2000 Windows Station Access
8448| [1328] Microsoft Office 2000 UA Control ActiveX (Ouactrl.ocx) Show Me Function Remote Code Execution
8449| [1297] Microsoft Windows 2000 Active Directory Object Attribute
8450| [1292] Microsoft Windows NT 4.0 / 2000 cmd.exe Buffer Overflow
8451| [773] Microsoft Windows 2000 Group Policy File Lock DoS
8452| [515] Microsoft Windows 2000 LDAP Server Arbitrary User Password Modification
8453| [454] Microsoft Windows 2000 NTLM Domain Account Lockout Policy Bypass
8454| [403] Microsoft Windows 2000 Still Image Service WM_USER Message Local Overflow
8455| [398] Microsoft Windows 2000 Malformed RPC Traffic Local Security Policy Corruption DoS
8456| [307] Microsoft FrontPage 2000 Server Extensions shtml.exe Path Disclosure
8457| [69085] Microsoft Office 2010 RTF File Handling pFragments Buffer Overflow Arbitrary Code Execution
8458|_
139/tcp closed netbios-ssn
443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
8461|_http-server-header: Microsoft-HTTPAPI/2.0
8462| vulscan: VulDB - https://vuldb.com:
8463| [141625] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 DirectX memory corruption
8464| [141624] Microsoft Windows 7 SP1/Server 2008 R2 SP1 Graphics Component information disclosure
8465| [139966] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel information disclosure
8466| [139923] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Graphics Component information disclosure
8467| [139905] Microsoft Windows Server 2008 SP2 DHCP Server memory corruption
8468| [137573] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
8469| [137567] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
8470| [137566] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
8471| [137565] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
8472| [137564] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
8473| [136343] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
8474| [136342] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
8475| [136341] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
8476| [136316] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
8477| [136315] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
8478| [136313] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
8479| [136311] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
8480| [136309] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
8481| [136302] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
8482| [136298] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
8483| [136297] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k memory corruption
8484| [131683] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k memory corruption
8485| [131642] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Active Directory privilege escalation
8486| [127822] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2012 Kernel information disclosure
8487| [125103] Microsoft Windows Server 2008 SP2 Graphics Component information disclosure
8488| [123853] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel Memory information disclosure
8489| [122858] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 LNK memory corruption
8490| [122833] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI+ memory corruption
8491| [121109] Microsoft Wireless Display Adapter V2 2.0.8350/2.0.8365/2.0.8372 privilege escalation
8492| [120449] Microsoft Forefront Unified Access Gateway 2000 InitParams.aspx Parameter Server-Side Request Forgery
8493| [119469] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel privilege escalation
8494| [116015] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 memory corruption
8495| [114563] Microsoft Office 2007 SP3/2010 SP2/2013/2013 RT SP1 memory corruption
8496| [114528] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI privilege escalation
8497| [114524] Microsoft ASP.NET Core 2.0 denial of service
8498| [114523] Microsoft ASP.NET Core 2.0 Kestrel Web Application privilege escalation
8499| [113257] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
8500| [113256] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
8501| [113255] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
8502| [113247] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
8503| [113246] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
8504| [113245] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2012 EOT Font Engine information disclosure
8505| [113244] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
8506| [113235] Microsoft Outlook 2007 SP3/2010 SP2/2013 SP1/2016 privilege escalation
8507| [113234] Microsoft Office 2007 SP2/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
8508| [113216] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
8509| [112285] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
8510| [112284] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
8511| [112283] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
8512| [112282] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
8513| [111578] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
8514| [111577] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
8515| [111576] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
8516| [111575] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
8517| [111574] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
8518| [111573] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
8519| [111572] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
8520| [111570] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
8521| [111568] Microsoft Excel 2007/2010/2013/2016 memory corruption
8522| [111566] Microsoft Word 2007/2010/2013/2016 memory corruption
8523| [111565] Microsoft Word 2007/2010/2013 Email Message memory corruption
8524| [111563] Microsoft Outlook 2007/2010/2013/2016 Email Message privilege escalation
8525| [111347] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Color Management Icm32.dll information disclosure
8526| [109388] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 memory corruption
8527| [109387] Microsoft ASP.NET Core 2.0 privilege escalation
8528| [109386] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
8529| [109385] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Security Feature Macro privilege escalation
8530| [109381] Microsoft Office/Word 2007 SP3/2010 SP2 memory corruption
8531| [107703] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
8532| [106530] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
8533| [106528] Microsoft PowerPoint 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
8534| [106515] Microsoft Publisher 2007 SP3/2010 SP2 memory corruption
8535| [106497] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Uniscribe memory corruption
8536| [106476] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
8537| [106475] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
8538| [105051] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Font Library privilege escalation
8539| [105032] Microsoft Internet Explorer 9/10 on Server 2008/Server 2012 memory corruption
8540| [102513] Microsoft Windows Server 2003 SP2/XP SP3 OLE olecnv32.dll privilege escalation
8541| [102512] Microsoft Windows Server 2003 SP2/XP SP3 rpc privilege escalation
8542| [102511] Microsoft Windows Server 2003 SP2/XP SP3 RDP EsteemAudit privilege escalation
8543| [102447] Microsoft PowerPoint/SharePoint Server 2007 SP3 privilege escalation
8544| [102444] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
8545| [102442] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Bypass privilege escalation
8546| [102441] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
8547| [102401] Microsoft Windows 7 SP1/Server 2008 R2 SP1 GDI USP10!NextCharInLiga Uniscribe Font information disclosure
8548| [101491] Microsoft Windows up to XP SP3/Server 2003 SP2 Remote Desktop Protocol gpkcsp.dll memory corruption
8549| [101017] Microsoft Office 2007 SP3/2010 SP2/2016 memory corruption
8550| [101012] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1/2016 memory corruption
8551| [101011] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 ActiveX Object Memory memory corruption
8552| [100854] Microsoft Windows Server 2003 SP2 RRAS ERRATICGOPHER memory corruption
8553| [99904] Microsoft Windows Server 2003 SP2/XP SP3 SmartCard Authentication RDP Packet EsteemAudit privilege escalation
8554| [99698] Microsoft OneNote 2007 SP3/2010 SP2 DLL Loader privilege escalation
8555| [99684] Microsoft Excel 2007 SP3/2010 SP2 Memory information disclosure
8556| [99654] Microsoft Outlook 2007 SP3/2010 SP2/2011/2013 SP1/2016 Email Message privilege escalation
8557| [99653] Microsoft Outlook 2007 SP3/2010 SP2/2011/2013 SP1/2016 Email Message privilege escalation
8558| [99533] Microsoft Office 2007/2010/2013/2016 RTF Document Necurs Dridex memory corruption
8559| [98561] Microsoft IIS 6.0 on Windows Server 2003 WebDAV ScStoragePathFromUrl Long Header memory corruption
8560| [98092] Microsoft SharePoint Server 2007 SP3 memory corruption
8561| [98088] Microsoft SharePoint Server 2007 SP3 memory corruption
8562| [98087] Microsoft Office 2007 SP3/2010 SP2 memory corruption
8563| [98086] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
8564| [98085] Microsoft Excel 2007 SP3 memory corruption
8565| [98084] Microsoft Word 2007 SP3/2010 SP2/2011 memory corruption
8566| [98083] Microsoft Word 2007 SP3/2010 SP2/2011 memory corruption
8567| [98078] Microsoft Word/Excel 2007 SP3 memory corruption
8568| [98072] Microsoft Office 2007 SP3/2010 SP2/Word Viewer Graphics Component privilege escalation
8569| [98071] Microsoft Office 2007 SP3/2010 SP2/Word Viewer GDI+ information disclosure
8570| [98070] Microsoft Office 2007 SP3/2010 SP2/Word Viewer GDI+ information disclosure
8571| [94450] Microsoft Office 2007 SP3/2010 SP2/2011 memory corruption
8572| [94449] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1 information disclosure
8573| [94448] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1 information disclosure
8574| [94445] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 information disclosure
8575| [94441] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
8576| [94440] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
8577| [94439] Microsoft Office 2007 SP3/2011 privilege escalation
8578| [94438] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
8579| [93542] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 memory corruption
8580| [93541] Microsoft Office 2007 SP3 denial of service
8581| [93539] Microsoft Office 2007/2010 SP2/2011 memory corruption
8582| [93538] Microsoft Office 2007/2010 SP2/2011/2013 SP1 memory corruption
8583| [93537] Microsoft Office 2007/2010 SP2/2011 memory corruption
8584| [93396] Microsoft Office 2007/2010/2011 memory corruption
8585| [93395] Microsoft Office 2007/2010/2011 memory corruption
8586| [93394] Microsoft Office 2007/2010 memory corruption
8587| [92596] Microsoft Windows 7 SP1/Server 2008 R2/Server 2008 SP2/Vista SP2 Internet Messaging API File information disclosure
8588| [91554] Microsoft Exchange 2007/2010/2013/2016 Email information disclosure
8589| [91553] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
8590| [91552] Microsoft Office 2007/2010/2013/2013 RT/2016 spoofing
8591| [91551] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
8592| [91549] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
8593| [91548] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
8594| [91546] Microsoft Office 2007/2010/2013/2013 RT memory corruption
8595| [91545] Microsoft Office 2007/2010 memory corruption
8596| [91544] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
8597| [91542] Microsoft Office 2007/2010/2013/2013 RT/2016 information disclosure
8598| [90707] Microsoft OneNote 2007/2010/2013/2013 RT/2016 information disclosure
8599| [90706] Microsoft Office 2007/2010/2013/2013 RT Graphics memory corruption
8600| [90705] Microsoft Office 2007/2010/2011 memory corruption
8601| [90703] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
8602| [89039] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
8603| [89034] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
8604| [87960] Microsoft Windows Server 2008 R2/Server 2012/Server 2012 R2 Active Directory denial of service
8605| [87955] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
8606| [87954] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
8607| [87953] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
8608| [87939] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 OLE DLL memory corruption
8609| [87938] Microsoft Office 2007 SP3/2010 SP2/2011 information disclosure
8610| [87937] Microsoft Office 2007 SP3/2010 SP2/2011 memory corruption
8611| [87935] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript memory corruption
8612| [87934] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript memory corruption
8613| [87933] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript memory corruption
8614| [87147] Microsoft Office 2007/2010 memory corruption
8615| [87145] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
8616| [87144] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
8617| [82228] Microsoft Excel 2007 SP3/2010 SP2 Office Document memory corruption
8618| [82225] Microsoft Word 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
8619| [82224] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
8620| [81273] Microsoft Office 2007/2010/2013/2016 memory corruption
8621| [81272] Microsoft Office 2007/2010/2013 memory corruption
8622| [81265] Microsoft Windows Server 2008/Vista SP2 Library Loader memory corruption
8623| [80872] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
8624| [80871] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
8625| [80869] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
8626| [79506] Microsoft Windows 7/Server 2008/Server 2008 R2/Vista Library Loader memory corruption
8627| [79505] Microsoft Office 2007 memory corruption
8628| [79504] Microsoft Office 2007/2010/2013/2016 memory corruption
8629| [79503] Microsoft Office 2007/2010/2013 memory corruption
8630| [79502] Microsoft Office 2007/2010/2011 memory corruption
8631| [79501] Microsoft Office 2007/2010 memory corruption
8632| [79499] Microsoft Windows 7/Server 2008 R2 Uniscribe memory corruption
8633| [79493] Microsoft Windows Server 2008/Vista Graphics memory corruption
8634| [79190] Microsoft Word 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
8635| [79189] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
8636| [79187] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 Sandbox privilege escalation
8637| [79167] Microsoft Windows 7/Server 2008/Server 2008 R2/Vista Journal memory corruption
8638| [78372] Microsoft Visio 2007 SP3/2010 SP2 UML Data memory corruption
8639| [78371] Microsoft SharePoint Server 2007 SP3/2010 SP2 InfoPath Forms Services XXE information disclosure
8640| [77646] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 EPS Image memory corruption
8641| [77629] Microsoft Excel 2007 SP3/2010 SP2/2011/2016 Office Document memory corruption
8642| [77627] Microsoft Excel 2007 SP3/2010 SP2 Office Document memory corruption
8643| [77626] Microsoft Excel 2007 SP3/2010 SP2/2011/2016 Office Document memory corruption
8644| [77617] Microsoft Office 2007 SP3/2010 SP2 OpenType Font memory corruption
8645| [77252] Microsoft Office 2007 SP3/2010 SP2 Office Graphics Library Font memory corruption
8646| [77038] Microsoft Windows Server 2008 SP2 UDDI Services cross site scripting
8647| [76497] Microsoft PowerPoint 2007 SP3/2010 SP2/2013 SP1 Office Document memory corruption
8648| [76491] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
8649| [76467] Microsoft Word 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
8650| [76466] Microsoft Word 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
8651| [76464] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
8652| [76463] Microsoft Excel 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
8653| [76449] Microsoft Windows 8/8.1/Server 2008/Server 2012/Server 2012 R2 Hyper-V memory corruption
8654| [76440] Microsoft SQL Server 2008/2008 R2/2012/2014 Virtual Function Uninitialized Memory memory corruption
8655| [76439] Microsoft SQL Server 2008/2008 R2/2012/2014 Uninitialized Memory memory corruption
8656| [76438] Microsoft SQL Server 2008/2008 R2/2012/2014 Pointer Casting privilege escalation
8657| [75783] Microsoft Windows Server 2008/Server 2012 Active Directory Federation Services cross site scripting
8658| [75338] Microsoft SharePoint 2007/2010/2013 Content privilege escalation
8659| [75337] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
8660| [75336] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
8661| [74845] Microsoft Office 2007/2010/2013 Document Use-After-Free memory corruption
8662| [74844] Microsoft Office 2007/2010 Document Use-After-Free memory corruption
8663| [74837] Microsoft Office 2007/2010/2011/2013 RTF Document Use-After-Free privilege escalation
8664| [73979] Microsoft Exchange Server 2003 CU7/2003 SP1 Meeting privilege escalation
8665| [73978] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
8666| [73977] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
8667| [73976] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
8668| [73975] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
8669| [73964] Microsoft SharePoint 2007/2010/2013 cross site scripting
8670| [69158] Microsoft Office 2007/2010/2013 Use-After-Free memory corruption
8671| [69157] Microsoft Office 2007/2010/2013 OneTableDocumentStream memory corruption
8672| [68416] Microsoft Exchange 2007/2010/2013 Outlook Web Access Token spoofing
8673| [68409] Microsoft Office 2007/2010/2013 Use-After-Free memory corruption
8674| [68408] Microsoft Excel 2007/2010/2013 memory corruption
8675| [68407] Microsoft Excel 2007/2010 memory corruption
8676| [68405] Microsoft Word 2007/2010 Index Use-After-Free memory corruption
8677| [68195] Microsoft Windows 7/Server 2003/Server 2008/Vista Input Method Editor Sandbox privilege escalation
8678| [68189] Microsoft Windows Server 2003 SP2 TCP/IP Stack Stack-Based memory corruption
8679| [68188] Microsoft Word 2007 File memory corruption
8680| [68187] Microsoft Word 2007 File memory corruption
8681| [68186] Microsoft Word 2007 File memory corruption
8682| [67829] Microsoft Office 2007/2010/2011 Object memory corruption
8683| [67825] Microsoft .NET Framework 2.0/3.5/3.5.1 ASLR privilege escalation
8684| [71337] Microsoft Office 2000/2004/XP memory corruption
8685| [67355] Microsoft OneNote 2007 File Processing privilege escalation
8686| [67354] Microsoft SQL Server 2008 R2 SP2/2008 SP3/2012 SP1/2014 SQL Master Data Services cross site scripting
8687| [67353] Microsoft SQL Server 2008 R2 SP2/2008 SP3/2012 SP1/2014 T-SQL Query Stack-Based memory corruption
8688| [67018] Microsoft Windows Server 2008/Server 2012/Server 2012 R2 Service Bus AMQP Message denial of service
8689| [13545] Microsoft Word 2007 Embedded Font memory corruption
8690| [13397] Microsoft Windows 2000/Server 2003/XP DHCP Response DHCP ACK spoofing
8691| [13462] Microsoft Visual Studio 2002/2003/2005/2010 Debug Interface msdia.dll PDB File memory corruption
8692| [13229] Microsoft Office 2007/2010/2013 Common Control Library MSCOMCTL.OCX privilege escalation
8693| [13227] Microsoft Office 2007/2010/2013 Chinese Grammar Checker Library privilege escalation
8694| [13226] Microsoft SharePoint Server 2007/2010/2013 Page memory corruption
8695| [13225] Microsoft SharePoint Server 2007/2010/2013 cross site scripting
8696| [13224] Microsoft SharePoint Server 2007/2010/2013 Page memory corruption
8697| [12859] Microsoft Word 2003 Office Document Stack-Based memory corruption
8698| [12852] Microsoft Publisher 2003/2007 Publisher File pubconv.dll memory corruption
8699| [12845] Microsoft Word 2003 Office File Stack-Based memory corruption
8700| [12844] Microsoft Word 2007/2010 Office File memory corruption
8701| [12843] Microsoft Office 2007/2010/2011/2013 XML Parser Nested Entities Memory Consumption denial of service
8702| [12687] Microsoft Word/Office/Outlook 2003/2007/2010/2013 RTF Document memory corruption
8703| [12530] Microsoft Windows Server 2003/Server 2008/Server 2012/Vista/XP Security Account Manager Lockout privilege escalation
8704| [12266] Microsoft .NET Framework 2.0 SP2/3.5.1 ASLR Bypass privilege escalation
8705| [12070] Apple Pages 2.0/2.0.1/2.0.2/5.0/5.0.1 on Mac Microsoft Word Document memory corruption
8706| [11950] Microsoft Office Compability Pack/Word 2007 SP3 File memory corruption
8707| [11949] Microsoft Word Viewer/Office Compatibility Pack/Word 2003 SP3/2007 SP3 File memory corruption
8708| [11494] Microsoft .NET Framework 2.0 SP2/3.5.1/4/4.5/4.5.1 MAC Authentication privilege escalation
8709| [11448] Microsoft Office 2007/2010 Address Space Layout Randomization privilege escalation
8710| [11148] Microsoft Office 2003/2007 WordPerfect Document epsimp32.flt memory corruption
8711| [11146] Microsoft Office 2003/2007 epsimp32.flt memory corruption
8712| [11230] Microsoft Word 2003 DOC Document Embedded Image denial of service
8713| [11081] Microsoft Windows Server 2008/Vista TIFF Image memory corruption
8714| [10648] Microsoft Word 2007 Word File memory corruption
8715| [10647] Microsoft Word 2003 Word File memory corruption
8716| [10643] Microsoft SharePoint Server 2007/2010/2013 Input Sanitizer memory corruption
8717| [10642] Microsoft SharePoint Server 2007/2010 Content Display in Frames privilege escalation
8718| [10247] Microsoft SharePoint Server 2007/2010/2013 Online Cloud cross site scripting
8719| [10245] Microsoft Office 2003/2007/2010 Word File memory corruption
8720| [10244] Microsoft Office 2003 SP3 Word File memory corruption
8721| [10243] Microsoft Office 2003/2007 Word File memory corruption
8722| [10242] Microsoft Office 2007 Word File memory corruption
8723| [10241] Microsoft Office 2007 Word File memory corruption
8724| [10240] Microsoft Office 2003/2007/2010 Word File memory corruption
8725| [10239] Microsoft Office 2003/2007 Word File memory corruption
8726| [10238] Microsoft Excel 2003/2007 XML External Entity Data information disclosure
8727| [10237] Microsoft Excel 2003/2007/2010 XML External Entity Data information disclosure
8728| [10236] Microsoft Word/Office 2003/2007 XML External Entity Data information disclosure
8729| [10234] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
8730| [10232] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
8731| [10231] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
8732| [10230] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
8733| [10229] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
8734| [10228] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
8735| [10227] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
8736| [10192] Microsoft Windows 7/2000/Server 2003 SP2/Vista/XP SP3 Windows Theme File privilege escalation
8737| [10191] Microsoft Windows Server 2003/XP OLE Object privilege escalation
8738| [10190] Microsoft Windows 7/8/Server 2008/Vista Active Directory denial of service
8739| [10189] Microsoft Outlook 2007/2010 S/MIME privilege escalation
8740| [9941] Microsoft Windows Server 2003/XP Unicode Scripts Processor USP10.DLL Uniscribe Font memory corruption
8741| [9929] Microsoft Windows Server 2008/Server 2012 Active Directory Federation Services Unspecified Account information disclosure
8742| [9715] Microsoft PowerPoint 2007 DirectShow Runtime quartz.dll GetMaxSampleSize denial of service
8743| [9397] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Array privilege escalation
8744| [9394] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 on 64-bit Array memory corruption
8745| [9393] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Permission privilege escalation
8746| [8738] Microsoft Visio 2003 SP3/2007 SP3/2010 SP1 XML Parser File information disclosure
8747| [8737] Microsoft Word 2003 SP3 Shape Data Parser File memory corruption
8748| [8736] Microsoft Publisher 2003 SP3 PUB File memory corruption
8749| [8735] Microsoft Publisher 2003 SP3/2007 SP3/2010 SP1 PUB File memory corruption
8750| [8734] Microsoft Publisher 2003 SP3 PUB File memory corruption
8751| [8733] Microsoft Publisher 2003 SP3 PUB File memory corruption
8752| [8732] Microsoft Publisher 2003 SP3 PUB File memory corruption
8753| [8731] Microsoft Publisher 2003 SP3 PUB File memory corruption
8754| [8730] Microsoft Publisher 2003 SP3 PUB File memory corruption
8755| [8729] Microsoft Publisher 2003 SP3 PUB File memory corruption
8756| [8728] Microsoft Publisher 2003 SP3 PUB File memory corruption
8757| [8727] Microsoft Publisher 2003 SP3 PUB File memory corruption
8758| [8726] Microsoft Publisher 2003 PUB File Eingabe memory corruption
8759| [8723] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 XML File spoofing
8760| [7643] Microsoft Windows Server 2008 R2/Server 2012 NFS Server NULL Pointer Dereference denial of service
8761| [7642] Microsoft Exchange 2007/2010 Outlook Web Access vspdx.dll) privilege escalation
8762| [7641] Microsoft Windows Server 2003/Server 2008/Vista/XP DirectShow Quartz.dll memory corruption
8763| [8589] Microsoft System Center Operations Manager 2007 R2/2007 SP1 ViewTypeManager.aspx cross site scripting
8764| [7252] Microsoft System Center Operations Manager 2007 ExecuteTask.aspx cross site scripting
8765| [7251] Microsoft System Center Operations Manager 2007 cross site scripting
8766| [7248] Microsoft Windows 7/Server 2008 R2 Print Spooler privilege escalation
8767| [7121] Microsoft Exchange 2007/2010 RSS Feed denial of service
8768| [7118] Microsoft Windows Server 2008 R2/Server 2012 IP-HTTPS unknown vulnerability
8769| [62914] Microsoft Office 2003 SP3/2007 SP3/2008/2010 SP1/2011 Spreadsheet Use-After-Free memory corruption
8770| [7058] Microsoft Windows 7/Server 2008 R2 DHCPv6 Message denial of service
8771| [6935] Microsoft Office Excel 2003/2007/2010 Input Sanitizer File Stack-based memory corruption
8772| [6934] Microsoft Office Excel 2003/2007/2010 Input Sanitizer memory corruption
8773| [6933] Microsoft Office Excel 2003/2007/2010 SerAuxErrBar File memory corruption
8774| [6929] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Web Proxy Setting Auto-Discovery memory corruption
8775| [6927] Microsoft .NET Framework 2.0 SP2/3.5.1 Trusted Code Function information disclosure
8776| [6918] Microsoft Excel 2007 SP2 Input Sanitizer File memory corruption
8777| [6830] Microsoft Word 2007/2010 File memory corruption
8778| [6819] Microsoft Excel 2007 File memory corruption
8779| [6627] Microsoft Windows 7/Server 2008 R2 Kerberos denial of service
8780| [6626] Microsoft SharePoint/Lync/Infopath 2007/2010 HTML Sanitization cross site scripting
8781| [6621] Microsoft Word 2007 PAPX memory corruption
8782| [62239] Microsoft Systems Management Server 2003 Configuration Manager Reflected cross site scripting
8783| [5945] Microsoft Office 2007/2010 Computer Graphics Metafile memory corruption
8784| [5939] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Print Spooler Service memory corruption
8785| [5938] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Remote Administration Protocol netapi32.dll RAP Request denial of service
8786| [5933] Microsoft SQL Server 2000/2005/2008/2008 R2 Common Controls TabStrip ActiveX MSCOMCTL.OCX memory corruption
8787| [5932] Microsoft Office 2003/2007/2010 Common Controls TabStrip ActiveX MSCOMCTL.OCX memory corruption
8788| [5654] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP information disclosure
8789| [5653] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys memory corruption
8790| [5652] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys memory corruption
8791| [5650] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP memory corruption
8792| [5649] Microsoft Office 2003/2007/2010 libraries memory corruption
8793| [5645] Microsoft SharePoint 2007/2010/3.0 Reflected cross site scripting
8794| [5643] Microsoft SharePoint 2007/2010 information disclosure
8795| [5642] Microsoft SharePoint 2007 cross site request forgery
8796| [5553] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Font atmfd.dll denial of service
8797| [5524] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP memory corruption
8798| [5518] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 memory corruption
8799| [5362] Microsoft Office 2003/2007 GDI+ memory corruption
8800| [5291] Microsoft Visual Studio 2008 Incremental Linker link.exe ConvertRgImgSymToRgImgSymEx memory corruption
8801| [5268] Microsoft Office 2008 on Mac RTF Pfragment File memory corruption
8802| [5080] Microsoft SQL Server 2005/2008/2008R2 CREATE DATABASE sql injection
8803| [5050] Microsoft Office 2007 WPS Converter Heap-based memory corruption
8804| [5049] Microsoft SQL Server 2000/2005/2008 MSCOMCTL.OCX privilege escalation
8805| [5048] Microsoft Office 2003/2007/2010 MSCOMCTL.OCX privilege escalation
8806| [5046] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Windows Authenticode Signature Verification WinVerifyTrust Signature privilege escalation
8807| [4803] Microsoft Windows Server 2003/Server 2008 DNS Server Domain Resource Record Query Parser denial of service
8808| [4802] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Protocol denial of service
8809| [4798] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Service memory corruption
8810| [60205] Microsoft .NET Framework 2.0 SP2/3.5.1 Heap-based memory corruption
8811| [4642] Microsoft .NET Framework 2.0 SP2/3.5.1/4 XAML Browser Application memory corruption
8812| [60065] Microsoft Windows 2000 mod_sql unknown vulnerability
8813| [4535] Microsoft Windows Server 2003/XP Object Packager packager.exe privilege escalation
8814| [4534] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Line21 DirectShow Filter Quartz.dll/Qdvd.dll Media File memory corruption
8815| [4533] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Multimedia Library winmm.dll MIDI File memory corruption
8816| [4507] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 Forms Authentication privilege escalation
8817| [59666] Microsoft Publisher 2003/2007 "Publisher memory corruption
8818| [4482] Microsoft Word 2007/2010/2011 Document Parser memory corruption
8819| [4480] Microsoft Excel 2003 memory corruption
8820| [4478] Microsoft Windows Server 2003/XP OLE Objects Memory Management memory corruption
8821| [4477] Microsoft PowerPoint 2007 SP2/2008 OfficeArt Use-After-Free memory corruption
8822| [4474] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Active Directory Query memory corruption
8823| [4473] Microsoft PowerPoint 2007 SP2/2010 DLL-Loader memory corruption
8824| [4471] Microsoft Office 2003/2007 Publisher Out-of-Bounds memory corruption
8825| [4470] Microsoft Office 2003 SP3 memory corruption
8826| [4453] Microsoft Excel 2003 Record Parser memory corruption
8827| [4446] Microsoft Office 2007/2008 OfficeArt Record Parser memory corruption
8828| [4445] Microsoft Office 2007/2010/2011 Word Document Parser memory corruption
8829| [4438] Microsoft Windows 7/Server 2008/Vista TCP/IP Reference Counter denial of service
8830| [5358] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP TrueType Font Handling memory corruption
8831| [59005] Microsoft Host Integration Server 2004 denial of service
8832| [58492] Microsoft SharePoint Server 2007 Spreadsheet memory corruption
8833| [58491] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
8834| [58490] Microsoft Office Compatibility Pack 2007 Spreadsheet memory corruption
8835| [58489] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
8836| [58488] Microsoft Office 2007/2010 memory corruption
8837| [4412] Microsoft Office 2003/2007 Library Loader unknown vulnerability
8838| [4411] Microsoft Excel 2003 memory corruption
8839| [4409] Microsoft Windows Server 2003/Server 2008 WINS unknown vulnerability
8840| [58240] Microsoft Visio 2003/2007 memory corruption
8841| [58237] Microsoft Visio 2003/2007/2010 memory corruption
8842| [4396] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
8843| [4393] Microsoft Windows Server 2008 DNS Service memory corruption
8844| [4391] Microsoft .NET Framework 2.0 SP2/3.5.1/4 Socket Restriction privilege escalation
8845| [4390] Microsoft Windows Server 2008 Remote Desktop Web Access cross site scripting
8846| [4388] Microsoft Windows 7/Server 2008/Vista File Metadata Parser denial of service
8847| [57691] Microsoft SQL Server 2008 Web Service information disclosure
8848| [57690] Microsoft Excel 2002/2003 Spreadsheet memory corruption
8849| [57689] Microsoft Excel 2002 Spreadsheet memory corruption
8850| [57688] Microsoft Excel 2002 Spreadsheet memory corruption
8851| [57687] Microsoft Excel 2002/2003/2007 Spreadsheet memory corruption
8852| [57686] Microsoft Excel 2002 Spreadsheet memory corruption
8853| [57685] Microsoft Excel 2002/2003/2007 Array Access memory corruption
8854| [57684] Microsoft Excel 2002/2003/2007/2010 Spreadsheet memory corruption
8855| [4369] Microsoft Excel 2002/2003/2007 memory corruption
8856| [4367] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
8857| [4362] Microsoft Windows 7/Server 2008/Vista denial of service
8858| [57420] Microsoft PowerPoint 2002/2003 memory corruption
8859| [4349] Microsoft Office 2004/2007/2008 Presentation File Parser memory corruption
8860| [4348] Microsoft PowerPoint 2002/2003/2007 memory corruption
8861| [57077] Microsoft Excel 2002 Uninitialized Memory memory corruption
8862| [57078] Microsoft Office 2003/2007/Xp docx unknown vulnerability
8863| [57079] Microsoft PowerPoint 2002/2003/2007/2010 memory corruption
8864| [57076] Microsoft Excel 2002/2003 memory corruption
8865| [57075] Microsoft Excel 2002/2003 memory corruption
8866| [57074] Microsoft Excel 2002 memory corruption
8867| [57073] Microsoft Excel 2002/2003/2007/2010 memory corruption
8868| [4334] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 JIT Compiler memory corruption
8869| [4332] Microsoft PowerPoint 2007/2010 memory corruption
8870| [4301] Microsoft Windows Server 2003 SMB Browser Heap-based denial of service
8871| [56475] Microsoft Office 2004/2008 memory corruption
8872| [56414] Microsoft Visio 2002/2003/2007 ELEMENTS.DLL memory corruption
8873| [56413] Microsoft Visio 2002/2003/2007 Exception ORMELEMS.DLL memory corruption
8874| [4298] Microsoft Windows 7/Server 2008 JScript/VBScript Engine information disclosure
8875| [4297] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Compact Font Format Driver privilege escalation
8876| [4296] Microsoft Windows Server 2003/XP LSASS Authentication Request unknown vulnerability
8877| [4295] Microsoft Windows 7/Server 2008 Kerberos weak authentication
8878| [4294] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys unknown vulnerability
8879| [4293] Microsoft Windows Server 2003/XP Kerberos CRC32 Checksum privilege escalation
8880| [4292] Microsoft Windows Server 2003/XP CSRSS Logoff privilege escalation
8881| [4289] Microsoft Excel 2007 Shape Data Parser memory corruption
8882| [4286] Microsoft PowerPoint 2002 SP3/2003 SP3/2004/2007 SP2/2008 OfficeArt Container Parser memory corruption
8883| [4279] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP MHTML cross site scripting
8884| [56176] Microsoft Windows 7/Server 2003/XP fxscover.exe CDrawPoly::Serialize memory corruption
8885| [55772] Microsoft Publisher 2002 pubconv.dll memory corruption
8886| [55771] Microsoft Publisher 2002/2003/2010 memory corruption
8887| [55765] Microsoft Office 2003/Xp Integer memory corruption
8888| [55764] Microsoft Office 2003/Xp memory corruption
8889| [55750] Microsoft Publisher 2002/2003 pubconv.dll memory corruption
8890| [55749] Microsoft Publisher 2002/2003/2007/2010 pubconv.dll memory corruption
8891| [55748] Microsoft Publisher 2002/2003/2007 pubconv.dll memory corruption
8892| [4230] Microsoft Exchange 2007 on 64-bit RPC store.exe MAPI Request denial of service
8893| [4229] Microsoft SharePoint 2007 Document Conversion Launcher Service Eingabeungültigkeit
8894| [4228] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
8895| [4224] Microsoft Windows 7/Server 2008/Vista Consent User Interface privilege escalation
8896| [4231] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys GreEnableEUDC denial of service
8897| [55420] Microsoft Office 2007/2010 memory corruption
8898| [55419] Microsoft Office 2004/2008/2011/Xp memory corruption
8899| [55412] Microsoft PowerPoint Viewer 2007 memory corruption
8900| [55411] Microsoft PowerPoint 2002/2003 memory corruption
8901| [4204] Microsoft Windows Server 2008 Color Control Panel Eingabeungültigkeit
8902| [54995] Microsoft Office 2004/2008 memory corruption
8903| [54994] Microsoft Office 2004/2008 Out-of-Bounds memory corruption
8904| [54993] Microsoft Office Compatibility Pack 2007 memory corruption
8905| [54992] Microsoft Excel 2002 memory corruption
8906| [54991] Microsoft Office 2004 Future memory corruption
8907| [54990] Microsoft Office 2004 memory corruption
8908| [54989] Microsoft Office 2004/2008 memory corruption
8909| [54988] Microsoft Excel 2002 memory corruption
8910| [54987] Microsoft Excel 2002 memory corruption
8911| [54986] Microsoft Excel 2002/2003 memory corruption
8912| [54985] Microsoft Office Compatibility Pack 2003/2004/2007/2008 memory corruption
8913| [54984] Microsoft Office 2004/2008 memory corruption
8914| [54983] Microsoft Excel 2002 Integer memory corruption
8915| [54980] Microsoft Word 2002/2003 memory corruption
8916| [54979] Microsoft Word 2002 memory corruption
8917| [54978] Microsoft Word 2002 memory corruption
8918| [54977] Microsoft Word 2002 Heap-based memory corruption
8919| [54976] Microsoft Word 2002 memory corruption
8920| [54975] Microsoft Word 2002 memory corruption
8921| [54974] Microsoft Word 2002 memory corruption
8922| [54973] Microsoft Word 2002 memory corruption
8923| [54972] Microsoft Word 2002 memory corruption
8924| [54971] Microsoft Word 2002 memory corruption
8925| [4197] Microsoft SharePoint 2007/3.0 cross site scripting
8926| [4196] Microsoft Word 2002/2003/2007/2010 Stack-based memory corruption
8927| [4194] Microsoft Windows 7/Server 2008/Vista SChannel Client Certificate Request denial of service
8928| [54774] Microsoft Word 2003 word_crash_11.8326.8324_poc.doc denial of service
8929| [54757] Microsoft SharePoint Server 2007 HTML Sanitization SafeHTML cross site scripting
8930| [4186] Microsoft Outlook 2002/2003/2007 Content Parser Heap-based memory corruption
8931| [54584] Microsoft Visual C++ 2005 AtlTraceTool8.exe unknown vulnerability
8932| [54554] Microsoft Groove 2007 mso.dll memory corruption
8933| [4187] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack Ipv4SetEchoRequestCreate denial of service
8934| [54322] Microsoft Word 2002/2003 memory corruption
8935| [54321] Microsoft Office Compatibility Pack 2007 memory corruption
8936| [54320] Microsoft Office Compatibility Pack 2007 memory corruption
8937| [54319] Microsoft Office Compatibility Pack 2007 memory corruption
8938| [54318] Microsoft .NET Framework 2.0 SP1/2.0 SP2/3.5/3.5 SP1/3.5.1 Interfaces memory corruption
8939| [4165] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
8940| [4162] Microsoft Windows 7/Server 2008/Vista Kernel memory corruption
8941| [4159] Microsoft Excel 2002/2003 SXDB PivotTable Cache Data Record memory corruption
8942| [4149] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Shell Shortcut Parser memory corruption
8943| [54083] Microsoft Access 2003 ActiveX Control ACCWIZ.dll memory corruption
8944| [4146] Microsoft Outlook 2002/2003/2007 SMB Attachment PR_ATTACH_METHOD memory corruption
8945| [4145] Microsoft Access 2003/2007 ActiveX ACCWIZ.dll memory corruption
8946| [54617] Microsoft Outlook Web Access up to 2007 cross site request forgery
8947| [4151] Microsoft Windows Server 2008/Vista NtUserCheckAccessForIntegrityLevel memory corruption
8948| [53591] Microsoft Windows Server 2003 GetServerName cross site scripting
8949| [53505] Microsoft Excel 2002/2007 memory corruption
8950| [53501] Microsoft Excel 2002 memory corruption
8951| [53500] Microsoft Excel 2002 memory corruption
8952| [53499] Microsoft Excel 2002 memory corruption
8953| [53495] Microsoft Excel 2002/2003/2007 memory corruption
8954| [53494] Microsoft Excel 2002 Stack-based memory corruption
8955| [53504] Microsoft Excel 2002 memory corruption
8956| [53503] Microsoft Excel 2002 Stack-Based memory corruption
8957| [53502] Microsoft Excel 2002 Heap-based memory corruption
8958| [53498] Microsoft Excel 2002 Stack-based memory corruption
8959| [53497] Microsoft Excel 2002 memory corruption
8960| [53496] Microsoft Excel 2002 memory corruption
8961| [53493] Microsoft Excel 2002/2003/2007 memory corruption
8962| [4133] Microsoft Office 2003/2007/Xp COM Object Instantiator memory corruption
8963| [53366] Microsoft ASP.NET 2.0 cross site scripting
8964| [53385] Microsoft Exchange Server 2007 Outlook Web Access cross site scripting
8965| [53164] Microsoft Office 2003/2007/Xp ActiveX Control VBE6.DLL memory corruption
8966| [53054] Microsoft VISIO 2002/2003/2007 VISIODWG.DLL memory corruption
8967| [4125] Microsoft SharePoint 2007/3.0 help.aspx cross site scripting
8968| [52777] Microsoft Publisher 2002/2003/2007 memory corruption
8969| [52773] Microsoft Visio 2002/2003/2007 memory corruption
8970| [52772] Microsoft Visio 2002/2003/2007 memory corruption
8971| [4107] Microsoft Windows 7/Server 2008 Kernel denial of service
8972| [4103] Microsoft Windows Server 2003 Media Services Stack-based memory corruption
8973| [52543] Microsoft Virtual PC 2007 unknown vulnerability
8974| [52148] Microsoft Office 2004/2007/2008 Uninitialized Memory memory corruption
8975| [52147] Microsoft Office 2004/2007/2008 Spreadsheet Uninitialized Memory memory corruption
8976| [52146] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
8977| [52145] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
8978| [52144] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
8979| [52143] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
8980| [4090] Microsoft Excel 2002/2003/2007 memory corruption
8981| [52036] Microsoft Windows 2000 MsgBox memory corruption
8982| [51995] Microsoft SharePoint Server up to 2006 cross site scripting
8983| [51810] Microsoft Office 2004/Xp MSO.DLL memory corruption
8984| [51802] Microsoft PowerPoint 2003 Stack-based memory corruption
8985| [51801] Microsoft PowerPoint 2003 Stack-based memory corruption
8986| [51800] Microsoft PowerPoint 2002/2003 Use-After-Free memory corruption
8987| [51799] Microsoft PowerPoint 2002/2003 memory corruption
8988| [51798] Microsoft PowerPoint 2002/2003 Heap-based memory corruption
8989| [4082] Microsoft PowerPoint 2002 SP3 memory corruption
8990| [54550] Microsoft PowerPoint 2007 rpawinet.dll memory corruption
8991| [54556] Microsoft Visio 2003 mfc71enu.dll unknown vulnerability
8992| [51497] Microsoft Windows Live Messenger 2009 ActiveX Control msnmsgr.exe denial of service
8993| [51133] Microsoft Windows 2000 SP4/Server 2003 SP2/SP3/XP SP2 memory corruption
8994| [51074] Microsoft Office 2002/2003 Integer memory corruption
8995| [4069] Microsoft Project 2003/2007 Project Memory Validator memory corruption
8996| [50794] Microsoft Office 2004/2008 Spreadsheet memory corruption
8997| [50793] Microsoft Office 2004/2008 Spreadsheet memory corruption
8998| [50792] Microsoft Office 2004/2008 Spreadsheet memory corruption
8999| [50791] Microsoft Office 2004/2008 Spreadsheet memory corruption
9000| [50790] Microsoft Office 2004/2008 Spreadsheet Heap-based memory corruption
9001| [50788] Microsoft Office 2004/2008 Spreadsheet memory corruption
9002| [50787] Microsoft Office 2004/2008 Spreadsheet memory corruption
9003| [50786] Microsoft Windows 2000 llssrv.exe memory corruption
9004| [50789] Microsoft Office 2004/2008 Spreadsheet memory corruption
9005| [4056] Microsoft Word 2002/2003 File Information Block Parser Stack-based memory corruption
9006| [50660] Microsoft SharePoint Server 2007 unknown vulnerability
9007| [50443] Microsoft PowerPoint 2007 Integer memory corruption
9008| [50432] Microsoft .NET Framework 2.0/2.0 SP1/2.0 SP2/3.5/3.5 SP1 memory corruption
9009| [49866] Microsoft Windows Server 2003 memory corruption
9010| [4031] Microsoft Windows Server 2008/Vista SMB Processor EducatedScholar memory corruption
9011| [4030] Microsoft Windows Server 2008/Vista Wireless LAN AutoConfig Service Heap-based memory corruption
9012| [4029] Microsoft Windows 2000/XP TCP/IP Window Size denial of service
9013| [49745] Microsoft Windows Server 2003 denial of service
9014| [49395] Microsoft Office 2000/2003/XP Office Web Components Heap-based memory corruption
9015| [49394] Microsoft Windows Server 2003 memory corruption
9016| [49389] Microsoft Office 2000/2003/XP Office Web Components memory corruption
9017| [49390] Microsoft Office 2000/2003/XP Office Web Components memory corruption
9018| [49198] Microsoft Visual Studio 2005 information disclosure
9019| [49047] Microsoft Virtual Server 2005 privilege escalation
9020| [49046] Microsoft Windows Server 2003 quartz.dll memory corruption
9021| [49045] Microsoft Windows Server 2003 quartz.dll memory corruption
9022| [49044] Microsoft ISA Server 2006 privilege escalation
9023| [3999] Microsoft Office 2007 Pointer memory corruption
9024| [4000] Microsoft Office 2003/Sp3/Xp Web Components memory corruption
9025| [48894] Microsoft Windows Server 2003 msvidctl.dll memory corruption
9026| [48572] Microsoft PowerPoint 2002 FL21WIN.DLL memory corruption
9027| [48517] Microsoft Windows 2000 Memory Leak memory corruption
9028| [48516] Microsoft Windows Server 2008 unknown vulnerability
9029| [48512] Microsoft Windows Server 2008 unknown vulnerability
9030| [48515] Microsoft Office Word Viewer 2003 memory corruption
9031| [48514] Microsoft Office Word Viewer 2003 Stack-based memory corruption
9032| [48554] Microsoft Excel 2000/2003/2007 memory corruption
9033| [48157] Microsoft PowerPoint 2002 Sound memory corruption
9034| [48156] Microsoft PowerPoint 2000 Stack-based memory corruption
9035| [48154] Microsoft PowerPoint 2002 Sound PP7X32.DLL memory corruption
9036| [48152] Microsoft PowerPoint 2002 PP4X32.DLL memory corruption
9037| [48150] Microsoft PowerPoint 2002 Sound memory corruption
9038| [48147] Microsoft PowerPoint 2002 Sound memory corruption
9039| [48146] Microsoft PowerPoint 2002 Integer memory corruption
9040| [48155] Microsoft PowerPoint 2002 Notes Container Heap-based memory corruption
9041| [48153] Microsoft PowerPoint 2002 Sound memory corruption
9042| [48151] Microsoft PowerPoint 2002 Stack-based memory corruption
9043| [48149] Microsoft PowerPoint 2002 memory corruption
9044| [48148] Microsoft PowerPoint 2002 Sound memory corruption
9045| [3974] Microsoft PowerPoint 2000/2002/2003 Sound Data Stack-based memory corruption
9046| [3973] Microsoft PowerPoint 2000/2002/2003 Notes Container Stack-based memory corruption
9047| [3972] Microsoft PowerPoint 2000/2002/2003 BuildList memory corruption
9048| [3971] Microsoft PowerPoint 2000/2002/2003 Object Stack-based memory corruption
9049| [3970] Microsoft PowerPoint 2000/2002/2003 Paragraph Stack-based memory corruption
9050| [3969] Microsoft PowerPoint 2000/2002/2003 Atom Stack-based memory corruption
9051| [47719] Microsoft Windows 2000 Stack-based memory corruption
9052| [47720] Microsoft Internet Security And Acceleration Server 2006 Forms Authentication cookieauth.dll cross site scripting
9053| [47716] Microsoft Office Converter Pack 2003 WPFT632.CNV memory corruption
9054| [47715] Microsoft Windows 2000 Wordpad memory corruption
9055| [47718] Microsoft Excel 2000/2002/2003/2007 Spreadsheet memory corruption
9056| [3960] Microsoft Windows 2000/Server 2003/XP DirectShow MJPEG memory corruption
9057| [3952] Microsoft ISA Server 2004/2006 denial of service
9058| [3946] Microsoft PowerPoint 2000/2002/2003/2004 memory corruption
9059| [47091] Microsoft Windows Server 2008 unknown vulnerability
9060| [47090] Microsoft Windows Server 2008 unknown vulnerability
9061| [3939] Microsoft Windows 2000 DNS spoofing
9062| [3938] Microsoft Windows 2000 SSL weak authentication
9063| [3937] Microsoft Windows 2000 memory corruption
9064| [3932] Microsoft Excel 2000/2002/2003/2004/2007 Object Reference memory corruption
9065| [46620] Microsoft Windows Live Messenger 2009 msnmsgr.exe denial of service
9066| [46455] Microsoft Exchange Server 2007 denial of service
9067| [46454] Microsoft Exchange Server 2007 memory corruption
9068| [46453] Microsoft Visio 2002/2003/2007 memory corruption
9069| [46452] Microsoft Visio 2002/2003/2007 memory corruption
9070| [46451] Microsoft Visio 2002/2003/2007 memory corruption
9071| [46327] Microsoft Word 2007 information disclosure
9072| [45758] Microsoft Money 2006 ActiveX Control prtstb06.dll denial of service
9073| [45381] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
9074| [45380] Microsoft Windows Server 2008/Vista SP1 Search memory corruption
9075| [45379] Microsoft Office SharePoint Server 2007 denial of service
9076| [3896] Microsoft SQL Server up to 2005 sp_replwritetovarbin memory corruption
9077| [3892] Microsoft Excel 2000/2002/2003 Formula memory corruption
9078| [3891] Microsoft Excel 2000/2002/2003 memory corruption
9079| [3890] Microsoft Excel 2000/2002/2003 NAME Index memory corruption
9080| [3889] Microsoft Word 2000/2002/2003/2007 Table Property Stack-based memory corruption
9081| [3888] Microsoft Word 2000/2002/2003/2007 RTF Stylesheet memory corruption
9082| [3887] Microsoft Word 2000/2002/2003/2007 memory corruption
9083| [3886] Microsoft Word 2000/2002/2003/2007 ControlWord Heap-based memory corruption
9084| [3885] Microsoft Word 2000/2002/2003/2007 memory corruption
9085| [3884] Microsoft Word 2000/2002/2003/2007 memory corruption
9086| [3883] Microsoft Word 2000/2002/2003/2007 RTF Heap-based memory corruption
9087| [3882] Microsoft Word 2000/2002/2003/2007 LFO memory corruption
9088| [3880] Microsoft Visual Basic up to 2003 ActiveX Control Mschrt20.ocx memory corruption
9089| [3879] Microsoft Visual Basic up to 2003 ActiveX Control mscomct2.ocx memory corruption
9090| [3878] Microsoft Visual Basic up to 2003 ActiveX Control mshflxgd.ocx memory corruption
9091| [3877] Microsoft Visual Basic up to 2003 ActiveX Control msflxgrd.ocx memory corruption
9092| [3876] Microsoft Visual Basic up to 2003 ActiveX Control msdatgrd.ocx memory corruption
9093| [45197] Microsoft Windows 2000 nskey.dll memory corruption
9094| [45063] Microsoft Windows Server 2003 Active Directory unknown vulnerability
9095| [45040] Microsoft .NET Framework 2.0.50727 Code Access Security unknown vulnerability
9096| [44855] DjVu Activex Control For Microsoft Office 2000 3.0 ActiveX Control DjVu_ActiveX_MSOffice.dll memory corruption
9097| [44665] Microsoft Peachtree Accounting 2004 ActiveX Control PAWWeb11.ocx unknown vulnerability
9098| [44589] Microsoft Exchange Server 2003 Outlook Web Access unknown vulnerability
9099| [3845] Microsoft Windows 2000 SP4 Active Directory memory corruption
9100| [44533] Microsoft Windows 2000 mqsvc.exe memory corruption
9101| [3844] Microsoft Excel 2003 REPT memory corruption
9102| [3843] Microsoft Excel up to 2007 BIFF File Heap-based memory corruption
9103| [3842] Microsoft Excel 2003 VBA Performance Cache Stack-based memory corruption
9104| [44405] Microsoft Digital Image 2006 ActiveX Control PipPPush.DLL unknown vulnerability
9105| [44047] Microsoft SQL Server 2000 ActiveX Control SQLVDIRLib.SQLVDirControl memory corruption
9106| [43981] Microsoft Organization Chart 2.00 orgchart.exe memory corruption
9107| [43957] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
9108| [43956] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
9109| [43955] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
9110| [43952] Microsoft Office 2003/2007/Xp URI memory corruption
9111| [43676] Microsoft Windows 2000/Server 2003/Vista/XP memory corruption
9112| [43675] Microsoft Windows 2000/Server 2003/Vista/XP of memory corruption
9113| [43662] Microsoft PowerPoint Viewer 2000 SP3/2002 SP3/2003 SP2/2007 SP1 memory corruption
9114| [43661] Microsoft PowerPoint Viewer 2003 memory corruption
9115| [43660] Microsoft PowerPoint Viewer 2003 Integer memory corruption
9116| [43657] Microsoft Office 2000/2003/Xp memory corruption
9117| [43654] Microsoft SharePoint Server 2007 memory corruption
9118| [43653] Microsoft Office 2000/2002/2004/2008 memory corruption
9119| [43652] Microsoft Office 2000/2002/2003/2004/2008 memory corruption
9120| [3797] Microsoft Windows Server 2008/Vista IPsec Policy Designfehler
9121| [3796] Microsoft Office 2000 WPG memory corruption
9122| [3795] Microsoft Office 2000/2003/Xp BMP Image BMPIMP32.FLT memory corruption
9123| [3794] Microsoft Office 2000/2003/Xp PICT bits_per_pixel memory corruption
9124| [3793] Microsoft Office 2000/2003/Xp PICT memory corruption
9125| [3792] Microsoft Office 2000 EPS File memory corruption
9126| [3783] Microsoft Word 2002 memory corruption
9127| [43103] Microsoft Exchange Srv 2007 Sp1 Outlook Web Access cross site scripting
9128| [43102] Microsoft Windows 2000 SP4/Server 2003 SP2/Server 2008 DNS Cache privilege escalation
9129| [3778] Microsoft Exchange 2003/2007 Outlook Web Access cross site scripting
9130| [3777] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
9131| [43087] Microsoft Office Snapshot Viewer ActiveX up to Office 2003 Snapshot Viewer ActiveX Control snapview.ocx memory corruption
9132| [43096] Microsoft Publisher 2003/2007 Crypto API unknown vulnerability
9133| [42816] Microsoft Word 2000/2003 memory corruption
9134| [42732] Microsoft Windows Server 2003/Vista/XP denial of service
9135| [42731] Microsoft Windows Server 2003 denial of service
9136| [3732] Microsoft Windows 2000/Server 2003 WINS memory corruption
9137| [3701] Microsoft Word 2003 CSS Heap-based memory corruption
9138| [3700] Microsoft Word 2003 RTF Document Heap-based memory corruption
9139| [42065] Microsoft SharePoint Server 2.0 Rich Text Editor cross site scripting
9140| [41881] Microsoft Office 2003/2007/2007 Sp1/Xp memory corruption
9141| [41880] Microsoft Project 2000/2002/2003 memory corruption
9142| [41879] Microsoft Windows 2000/Server 2003/Vista Stack-based memory corruption
9143| [41878] Microsoft Windows 2000/Server 2003/Vista spoofing
9144| [41877] Microsoft Windows Server 2003 vbscript.dll memory corruption
9145| [3671] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 memory corruption
9146| [3670] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 Object memory corruption
9147| [41455] Microsoft Office 2000/2003/2004/Xp memory corruption
9148| [41454] Microsoft Excel 2000/2002/2003/2007 memory corruption
9149| [41453] Microsoft Excel 2000/2002/2003 memory corruption
9150| [41452] Microsoft Excel 2000/2002/2003/2007 memory corruption
9151| [41451] Microsoft Excel 2000/2002/2003 memory corruption
9152| [41450] Microsoft Excel 2000 memory corruption
9153| [41449] Microsoft Excel 2000/2002/2003 memory corruption
9154| [41448] Microsoft Office 2000/Xp Office Web Components memory corruption
9155| [3648] Microsoft Excel 2003 memory corruption
9156| [3647] Microsoft Outlook up to 2007 mailto URI memory corruption
9157| [41003] Microsoft Office 2000/2003/2004/Xp memory corruption
9158| [41002] Microsoft Office 2000/2003/Xp memory corruption
9159| [41001] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
9160| [41000] Microsoft Works 2005/8.0 memory corruption
9161| [40998] Microsoft Publisher 2000/2002/2003 memory corruption
9162| [40994] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
9163| [40987] Microsoft Windows 2000 denial of service
9164| [40736] Microsoft ActiveX 2.0 ActiveX Control privilege escalation
9165| [3552] Microsoft Excel 2000/2002/2003 File memory corruption
9166| [40242] Microsoft Publisher 2000/2002/2003/2007 Crash denial of service
9167| [40020] Microsoft Office 2007 ZIP Container unknown vulnerability
9168| [39769] Microsoft Windows 2000 cryptgenrandom weak encryption
9169| [39749] Microsoft Windows 2000 msjet40.dll memory corruption
9170| [39655] Microsoft Windows Server 2003 spoofing
9171| [39324] Microsoft Windows Mobile 2005 SMS unknown vulnerability
9172| [3373] Microsoft Word 2000/2002 memory corruption
9173| [38999] Microsoft Windows Server 2003 explorer.exe denial of service
9174| [38899] Microsoft ISA Server 2004 information disclosure
9175| [38728] Microsoft SQL Server 2005 Enterprise Manager sqldmo.dll memory corruption
9176| [38326] Microsoft Windows 2000 attemptwrite memory corruption
9177| [3241] Microsoft Excel 2000/2003/2004/XP SP3 rtWnDesk memory corruption
9178| [3223] Microsoft Windows Server 2003/XP URI privilege escalation
9179| [3212] Microsoft DirectX February 2006 RLE Compression Targa Files Heap-based memory corruption
9180| [37739] Microsoft Excel 2000/2002/2003/2004/2007 memory corruption
9181| [37738] Microsoft Office 2002/2003 memory corruption
9182| [3176] Microsoft Excel 2000/2002/2003/2007 File Attribute memory corruption
9183| [3175] Microsoft Excel 2000/2002/2003/2007 Active Worksheet memory corruption
9184| [3174] Microsoft Excel 2000/2002/2003/2007 Version Information memory corruption
9185| [3172] Microsoft Office Publisher 2007 Pointer memory corruption
9186| [37566] Microsoft Excel 2003 unknown vulnerability
9187| [37526] Microsoft Windows 2000/Server 2003 denial of service
9188| [37248] Microsoft Visio 2002 Packaging memory corruption
9189| [37251] Microsoft Windows 2000 memory corruption
9190| [3119] Microsoft Visio 2002 Object memory corruption
9191| [3118] Microsoft Visio 2002 Data memory corruption
9192| [37093] Microsoft Windows Server 2003 Error Message unknown vulnerability
9193| [37010] Microsoft Office 2000 ActiveX Control ouactrl.ocx memory corruption
9194| [36628] Microsoft Word 2000/2002/2003/2004 winword.exe memory corruption
9195| [36616] Microsoft Works 2004/2005/2006 memory corruption
9196| [36621] Microsoft Exchange Server 2000 Integer denial of service
9197| [36620] Microsoft Exchange Server 2000 Outlook Web Access cross site scripting
9198| [36619] Microsoft Exchange Server 2000/2003/2007 MIME Email memory corruption
9199| [36618] Microsoft Exchange Server 2000 NULL Pointer Dereference denial of service
9200| [36617] Microsoft Excel 2000/2002/2003/2004 memory corruption
9201| [36623] Microsoft BizTalk Server 2004 ActiveX Control capicom.dll memory corruption
9202| [3067] Microsoft Office 2000/2003/2004/2007/Xp Drawing Object memory corruption
| [3065] Microsoft Excel 2000/2002/2003/2007 Filter Stack-based memory corruption
| [3064] Microsoft Excel 2000/2002/2003/2004/2007 set Font memory corruption
| [3063] Microsoft Excel 2000/2002/2003/2007 BIFF Record Stack-based memory corruption
| [3012] Microsoft Windows 2000/Server 2003 DNS Service Stack-based memory corruption
| [36039] Microsoft Content Management Server 2001 memory corruption
| [36052] Microsoft Windows 2000 Heap-based memory corruption
| [36051] Microsoft Word 2007 file798-1.doc memory corruption
| [36050] Microsoft Word 2007 file789-1.doc memory corruption
| [36040] Microsoft Content Management Server 2001 cross site scripting
| [3004] Microsoft Windows up to 2003/XP URL Parser memory corruption
| [36041] Microsoft .NET Framework 2.0.50727.42 cross site scripting
| [36002] Microsoft Windows 2000/XP denial of service
| [2990] Microsoft Windows 2000/Vista/XP Animated Cursor Stack-based memory corruption
| [36515] Microsoft Windows 2000/Server 2003/XP memory corruption
| [35846] Microsoft Windows 2000/Server 2003 Default Configuration information disclosure
| [35373] Microsoft Excel 2003 denial of service
| [35372] Microsoft Office 2003 denial of service
| [35206] Microsoft Windows Server 2003/XP Crash denial of service
| [35161] Microsoft ISA Server 2004 unknown vulnerability
| [35236] Microsoft Publisher 2007 memory corruption
| [2939] Microsoft Word 2000 memory corruption
| [34994] Microsoft Windows 2000 OLE Dialog memory corruption
| [34993] Microsoft Office 2000/2003/Xp memory corruption
| [35001] Microsoft Office 2000/2003/2004/Xp memory corruption
| [35000] Microsoft Word 2000/2002/2003 memory corruption
| [2933] Microsoft Windows 2000 SP4/Server 2003 SP1/XP SP2 OLE Dialog Stack-based memory corruption
| [2894] Microsoft Office 2000/2003/2004/Xp Undefined String Format String
| [2884] Microsoft Word 2000/2002/2003 memory corruption
| [34321] Microsoft Office 2000/2003/2004/Xp Spreadsheet Heap-based memory corruption
| [34320] Microsoft Office 2000/2003/2004/Xp memory corruption
| [34319] Microsoft Office 2000/2003/2004/Xp memory corruption
| [34318] Microsoft Office 2000/2003/2004/Xp memory corruption
| [34322] Microsoft Office 2000/2003/Xp memory corruption
| [2811] Microsoft Windows 2000/Server 2003/XP VML Vector Markup Language Integer memory corruption
| [2810] Microsoft Outlook 2000/2002/2003 Office Saved Search OSS File memory corruption
| [2809] Microsoft Outlook 2000/2002/2003 Header denial of service
| [2808] Microsoft Outlook 2000/2002/2003 Meeting VEVENT memory corruption
| [2807] Microsoft Excel 2000/2002/2003 XLS File memory corruption
| [34126] Microsoft Office 2003 memory corruption
| [34122] Microsoft Office Web Components 2000 memory corruption
| [2789] Microsoft Windows 2000/XP RPC Request NetrWkstaUserEnum denial of service
| [2765] Microsoft Project Server 2003 pdsrequest.asp weak authentication
| [33851] Microsoft Word 2000/2002/2003 12122006-djtest.doc memory corruption
| [2739] Microsoft Windows 2000 Remote Installation Service Fehlende Authentifizierung
| [2738] Microsoft Windows 2000/Server 2003/XP SNMP memory corruption
| [2737] Microsoft Windows Server 2003/XP Manifest denial of service
| [33766] Microsoft Word 2000/2002/2003 memory corruption
| [2718] Microsoft Word 2000/2002/2003 DOC Document memory corruption
| [2717] Microsoft Windows 2000 Print Spooler Memory Consumption denial of service
| [2689] Microsoft Windows up to 2000 SP4 Active Directory denial of service
| [2688] Microsoft Windows 2000/Server 2003/XP Client Service for Netware denial of service
| [2687] Microsoft Windows 2000/Server 2003/XP Agent ActiveX ACF File Heap-based memory corruption
| [2686] Microsoft Windows 2000/Server 2003/XP Client Service for Netware memory corruption
| [2684] Microsoft Windows 2000/XP Workstation Service Stack-based memory corruption
| [2659] Microsoft Windows 2000/XP GDI Crash memory corruption
| [2655] Microsoft Windows 2000/Server 2003/XP XML Core Services memory corruption
| [33067] Microsoft Visual Studio .net 2005 ActiveX Control wmiscriptutils.dll memory corruption
| [2610] Microsoft PowerPoint 2003 PPT Document NULL Pointer Dereference denial of service
| [32693] Microsoft Word 2004 memory corruption
| [32686] Microsoft Office 2000/2001/2003/2004 Integer memory corruption
| [32690] Microsoft Office 2000/2003/2004/Xp memory corruption
| [32676] Microsoft Office 2000/2001/2003/2004 memory corruption
| [32675] Microsoft Office 2000/2003/2004/Xp memory corruption
| [32694] Microsoft Windows 2000 memory corruption
| [32689] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
| [32688] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
| [32687] Microsoft Word 2000/2002 memory corruption
| [32685] Microsoft Office 2000/2001/2003/2004 memory corruption
| [2601] Microsoft Windows Server 2003/XP IPv6 Stack denial of service
| [2600] Microsoft Windows Server 2003/XP IPv6 Stack TCP denial of service
| [2599] Microsoft Windows Server 2003/XP IPv6 Stack ICMP denial of service
| [2598] Microsoft Windows Server 2003/XP Object Packager privilege escalation
| [2597] Microsoft Office 2003/Xp Smart-Tag Parser memory corruption
| [2596] Microsoft Office 2000/2003/2004/Xp Value Read memory corruption
| [2595] Microsoft Office 2000/2001/2003/2004 Diagram Value memory corruption
| [2594] Microsoft Office 2000/2001/2003/2004 Document memory corruption
| [2593] Microsoft ASP.NET 2.0 cross site scripting
| [141652] Microsoft Windows up to Server 2019 Common Log File System Driver information disclosure
| [141639] Microsoft SharePoint Foundation 2013 SP1 cross site request forgery
| [141637] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
| [141636] Microsoft ASP.NET Core 2.1/2.2/3.0 Project Template privilege escalation
| [141635] Microsoft .NET Core 2.1/2.2 denial of service
| [141633] Microsoft Excel up to 2019 memory corruption
| [141631] Microsoft Windows up to Server 2019 SMB Client Driver information disclosure
| [141630] Microsoft Windows up to Server 2019 denial of service
| [141629] Microsoft Windows up to Server 2019 Update Delivery Optimization privilege escalation
| [141627] Microsoft Windows up to Server 2019 GDI information disclosure
| [141626] Microsoft Windows up to Server 2019 Win32k memory corruption
| [141621] Microsoft Windows up to Server 2019 Kernel information disclosure
| [141620] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
| [141619] Microsoft Windows up to Server 2019 ALPC privilege escalation
| [141618] Microsoft Windows up to Server 2019 hdAudio.sys privilege escalation
| [141617] Microsoft Windows up to Server 2019 Store Installer privilege escalation
| [141616] Microsoft Windows up to Server 2019 ALPC privilege escalation
| [141615] Microsoft Windows up to Server 2019 Winlogon privilege escalation
| [141614] Microsoft Windows up to Server 2019 Compatibility Appraiser privilege escalation
| [141611] Microsoft Office up to 2019 Security Feature privilege escalation
| [141610] Microsoft Excel up to 2019 information disclosure
| [141609] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [141608] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site request forgery
| [141607] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 privilege escalation
| [141606] Microsoft Windows up to Server 2019 Win32k memory corruption
| [141605] Microsoft Windows up to Server 2019 Hyper-V information disclosure
| [141604] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
| [141603] Microsoft Windows up to Server 2019 GDI information disclosure
| [141602] Microsoft Windows up to Server 2019 DirectWrite information disclosure
| [141601] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [141600] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [141599] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [141598] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [141597] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [141596] Microsoft Windows up to Server 2019 DirectWrite information disclosure
| [141595] Microsoft Windows up to Server 2019 DirectWrite information disclosure
| [141594] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [141593] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [141592] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [141591] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [141590] Microsoft Windows up to Server 2019 Text Service Framework command injection
| [141589] Microsoft Exchange Server 2016 CU12/2016 CU13/2019 CU1/2019 CU2 denial of service
| [141583] Microsoft Lync Server 2013 Conference directory traversal
| [141581] Microsoft Windows up to Server 2016 Hyper-V denial of service
| [141580] Microsoft Windows up to Server 2019 Transaction Manager information disclosure
| [141579] Microsoft Windows up to Server 2016 DirectX information disclosure
| [141577] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
| [141575] Microsoft Windows up to Server 2019 lnk File privilege escalation
| [141564] Microsoft SharePoint Enterprise Server 2010 SP1/2013 SP1/2016/2019 Markup Application Package privilege escalation
| [141561] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
| [141560] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
| [139972] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
| [139971] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
| [139970] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
| [139969] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
| [139968] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
| [139965] Microsoft Windows up to Server 2019 Kernel information disclosure
| [139963] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
| [139962] Microsoft Windows up to Server 2019 Remote Desktop Protocol denial of service
| [139960] Microsoft Windows up to Server 2019 DHCP Server denial of service
| [139958] Microsoft Windows up to Server 2019 DHCP Server denial of service
| [139957] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
| [139956] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 Session Object information disclosure
| [139955] Microsoft Windows up to Server 2019 SyncController.dll privilege escalation
| [139949] Microsoft Windows up to Server 2019 XmlLite Runtime XmlLite.dll denial of service
| [139946] Microsoft Windows up to Server 2019 Core Shell COM Server Registrar COM Call privilege escalation
| [139942] Microsoft Windows up to Server 2019 rpcss.dll memory corruption
| [139941] Microsoft Windows up to Server 2019 DirectX memory corruption
| [139937] Microsoft Windows up to Server 2019 Azure Active Directory information disclosure
| [139936] Microsoft Windows up to Server 2019 SymCrypt information disclosure
| [139935] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 NTFS privilege escalation
| [139934] Microsoft Windows 7 SP1/Server 2018 R2 SP1/Server 2018 SP2 Win32k memory corruption
| [139933] Microsoft Windows up to Server 2019 p2pimsvc privilege escalation
| [139932] Microsoft Windows up to Server 2019 Kernel memory corruption
| [139931] Microsoft Windows up to Server 2019 File Signature Security Feature CAB File privilege escalation
| [139930] Microsoft Windows up to Server 2019 ALPC privilege escalation
| [139928] Microsoft Windows up to Server 2019 Kernel memory corruption
| [139927] Microsoft Windows up to Server 2019 Graphics Component information disclosure
| [139926] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [139925] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [139924] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [139922] Microsoft Windows up to Server 2019 Graphics Component information disclosure
| [139921] Microsoft Windows up to Server 2019 Graphics Component information disclosure
| [139920] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [139919] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [139918] Microsoft Windows up to Server 2019 Graphics Component information disclosure
| [139917] Microsoft Windows up to Server 2019 Graphics Component information disclosure
| [139916] Microsoft Windows up to Server 2019 XML Core Services MSXML Parser privilege escalation
| [139914] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
| [139913] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
| [139912] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Hyper-V Network Switch denial of service
| [139911] Microsoft Windows up to Server 2019 denial of service
| [139910] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
| [139909] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
| [139908] Microsoft Windows up to Server 2019 Bluetooth weak encryption
| [139907] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [139906] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [139902] Microsoft Word up to 2019 memory corruption
| [139901] Microsoft Outlook up to 2019 memory corruption
| [139895] Microsoft Windows up to Server 2019 lnk File privilege escalation
| [139894] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
| [139893] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [139892] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [139891] Microsoft Windows up to Server 2019 Font Library memory corruption
| [139890] Microsoft Windows up to Server 2019 Font Library memory corruption
| [139889] Microsoft Windows up to Server 2019 Font Library memory corruption
| [139888] Microsoft Windows up to Server 2019 Font Library memory corruption
| [139887] Microsoft Windows up to Server 2019 Font Library memory corruption
| [139886] Microsoft Windows up to Server 2019 Font Library memory corruption
| [139880] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [139879] Microsoft Windows up to Server 2019 DHCP Client memory corruption
| [139878] Microsoft Windows up to Server 2019 Hyper-V Network Switch memory corruption
| [139877] Microsoft Outlook up to 2019 memory corruption
| [139876] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [139875] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [137590] Microsoft ASP.NET Core 2.1/2.2 Open Redirect
| [137589] Microsoft Exchange Server 2013 CU23/2016 CU12/2016 CU13/2019 CU1/2019 CU2 cross site scripting
| [137588] Microsoft Exchange Server 2010 SP3/2013 CU23/2016 CU12/2016 CU13 Web Services privilege escalation
| [137587] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
| [137586] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
| [137585] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
| [137584] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137583] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137581] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137580] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137579] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137578] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137577] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137576] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137575] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137574] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137568] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
| [137563] Microsoft Windows up to Server 2019 DirectWrite information disclosure
| [137562] Microsoft Windows up to Server 2019 Win32k information disclosure
| [137561] Microsoft Windows up to Server 2019 GDI information disclosure
| [137560] Microsoft Windows up to Server 2019 GDI information disclosure
| [137559] Microsoft Windows up to Server 2019 DirectWrite information disclosure
| [137555] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [137554] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [137553] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [137549] Microsoft Windows up to Server 2016 DLL privilege escalation
| [137544] Microsoft Windows up to Server 2019 Kernel information disclosure
| [137543] Microsoft Windows up to Server 2019 Kernel information disclosure
| [137542] Microsoft SQL Server 2014 SP2/2016 SP1/2017 privilege escalation
| [137541] Microsoft Windows up to Server 2019 memory corruption
| [137540] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
| [137539] Microsoft Windows up to Server 2016 DirectX memory corruption
| [137538] Microsoft Windows Server 1803/Server 1903/Server 2016/Server 2019 ADFS Security Feature privilege escalation
| [137537] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [137535] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [137533] Microsoft Windows up to Server 2019 SymCrypt denial of service
| [137527] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [137512] Microsoft Windows up to Server 2019 DHCP memory corruption
| [136414] Microsoft Azure DevOps Server 2019 cross site request forgery
| [136349] Microsoft Windows up to Server 2019 Event Viewer eventvwr.msc XML External Entity
| [136348] Microsoft Windows up to Server 2019 Task Scheduler privilege escalation
| [136347] Microsoft Windows up to Server 2019 AppXSVC privilege escalation
| [136345] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
| [136344] Microsoft Windows up to Server 2019 GDI information disclosure
| [136340] Microsoft Windows up to Server 2019 GDI information disclosure
| [136337] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
| [136336] Microsoft Windows up to Server 2019 Kernel privilege escalation
| [136335] Microsoft Windows up to Server 2019 NTLM Downgrade weak authentication
| [136334] Microsoft Windows up to Server 2019 Kernel information disclosure
| [136333] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
| [136330] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
| [136329] Microsoft SharePoint Server 2016/2019 cross site scripting
| [136328] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
| [136327] Microsoft Lync Server 2010/2013 denial of service
| [136326] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [136325] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [136324] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [136323] Microsoft Windows up to Server 2019 denial of service
| [136321] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Audio Service privilege escalation
| [136320] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [136319] Microsoft Windows up to Server 2019 Security Credentials information disclosure
| [136318] Microsoft Windows up to Server 2019 DirectX privilege escalation
| [136317] Microsoft Windows up to Server 2019 Win32k memory corruption
| [136314] Microsoft Windows up to Server 2019 Win32k memory corruption
| [136312] Microsoft Windows up to Server 2019 GDI information disclosure
| [136310] Microsoft Windows up to Server 2019 GDI information disclosure
| [136308] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [136306] Microsoft Windows up to Server 2019 Storage Service privilege escalation
| [136305] Microsoft Windows up to Server 2019 User Profile Service privilege escalation
| [136304] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
| [136303] Microsoft Windows up to Server 2019 Storage Service privilege escalation
| [136301] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136299] Microsoft Windows up to Server 2019 Local Security Authority Subsystem Service Reboot denial of service
| [136296] Microsoft Windows up to Server 2019 Common Log File System Driver memory corruption
| [136295] Microsoft Windows up to Server 2019 ALPC privilege escalation
| [136293] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136292] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136291] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136290] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136289] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136288] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136287] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [136286] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [136285] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [136284] Microsoft Windows up to Server 2019 Kernel memory corruption
| [136276] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [136275] Microsoft Windows 10/10 1607/10 1703/10 1709/Server 2016 Hyper-V memory corruption
| [136274] Microsoft Windows up to Server 2019 ActiveX memory corruption
| [136273] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [134750] Microsoft ASP.NET Core 2.1/2.2 denial of service
| [134745] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [134744] Microsoft Windows up to Server 2019 GDI information disclosure
| [134743] Microsoft SharePoint Server 2013 SP1/2016 cross site scripting
| [134742] Microsoft SharePoint Enterprise Server 2016/2019 cross site scripting
| [134741] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [134740] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
| [134739] Microsoft SharePoint Foundation 2010 SP2/2013 SP2 cross site scripting
| [134738] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [134737] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [134736] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
| [134735] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [134734] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [134733] Microsoft Windows up to Server 2019 Unified Write Filter privilege escalation
| [134731] Microsoft Windows up to Server 2019 Symlink privilege escalation
| [134729] Microsoft Windows up to Server 2019 Storage Service privilege escalation
| [134725] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134724] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134723] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134722] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134721] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134720] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134719] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134718] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134717] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134716] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134715] Microsoft Windows up to Server 2019 Win32k memory corruption
| [134714] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134713] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134712] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134710] Microsoft Windows up to Server 2019 GDI information disclosure
| [134709] Microsoft Windows up to Server 2019 Kernel privilege escalation
| [134706] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
| [134701] Microsoft Windows up to Server 2019 Windows Defender Application Control privilege escalation
| [134700] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
| [134699] Microsoft Windows up to Server 2019 NDIS ndis.sys memory corruption
| [134698] Microsoft Windows up to Server 2019 OLE memory corruption
| [134684] Microsoft Windows up to Server 2019 DHCP Server memory corruption
| [134678] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [133236] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133234] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133232] Microsoft Azure DevOps Server 2019 cross site scripting
| [133229] Microsoft Azure DevOps Server 2019 cross site scripting
| [133224] Microsoft Exchange Server 2013 CU22/2016 CU11/2016 CU12/2019/2019 CU1 Outlook Web Access privilege escalation
| [133223] Microsoft Azure DevOps Server 2019 Content Security Policy privilege escalation
| [133222] Microsoft Windows up to Server 2019 Remote Registry Service memory corruption
| [133221] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133220] Microsoft Windows up to Server 2019 GDI Memory information disclosure
| [133219] Microsoft Windows up to Server 2019 Win32k Memory information disclosure
| [133218] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133217] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133216] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
| [133215] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
| [133214] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
| [133213] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
| [133212] Microsoft Windows up to Server 2019 Terminal Services Memory information disclosure
| [133211] Microsoft Windows up to Server 2019 Task Scheduler information disclosure
| [133209] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133206] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
| [133205] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [133204] Microsoft Office/Excel up to 2019 memory corruption
| [133203] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [133202] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [133201] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [133200] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [133199] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
| [133198] Microsoft Exchange Server up to 2019 CU1 Outlook Web Access cross site scripting
| [133197] Microsoft ASP.NET Core 2.2 Request denial of service
| [133196] Microsoft Windows up to Server 2019 Win32k information disclosure
| [133195] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133194] Microsoft Windows up to Server 2019 GDI Memory information disclosure
| [133193] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133192] Microsoft Windows up to Server 2019 OLE Automation privilege escalation
| [133189] Microsoft Windows up to Server 2019 CSRSS memory corruption
| [133188] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133187] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133186] Microsoft Windows up to Server 2019 TCP/IP Stack Fragmented IP Packet information disclosure
| [133185] Microsoft Windows up to Server 2019 Win32k memory corruption
| [133183] Microsoft Windows up to Server 2019 Win32k memory corruption
| [133182] Microsoft Windows up to Server 2019 Win32k memory corruption
| [133181] Microsoft Office/Excel/PowerPoint up to 2019 URL Document Code Execution
| [133180] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133179] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133177] Microsoft Windows up to Server 2019 Device Guard luafv.sys privilege escalation
| [133174] Microsoft Windows up to Server 2019 GDI+ privilege escalation
| [133173] Microsoft Windows up to Server 2019 IOleCvt Interface privilege escalation
| [133166] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133165] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133164] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133163] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133162] Microsoft Windows up to Server 2019 MS XML Code Execution
| [131687] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 3.2/2018 Updated 1.2 cross site scripting
| [131685] Microsoft Windows up to Server 2019 SMB information disclosure
| [131684] Microsoft Visual Studio 2017 Version 15.9 C++ Redistributable Installer privilege escalation
| [131681] Microsoft Windows up to Server 2019 Win32k memory corruption
| [131679] Microsoft Windows up to Server 2019 Kernel information disclosure
| [131675] Microsoft SharePoint 2013 SP1/2016 cross site scripting
| [131674] Microsoft Windows up to Server 2019 Win32k information disclosure
| [131673] Microsoft Windows up to Server 2019 Kernel information disclosure
| [131672] Microsoft Windows up to Server 2019 GDI information disclosure
| [131671] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
| [131668] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
| [131667] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
| [131663] Microsoft Windows up to Server 2019 Print Spooler information disclosure
| [131658] Microsoft Windows up to Server 2019 information disclosure
| [131657] Microsoft Windows up to Server 2019 denial of service
| [131656] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
| [131653] Microsoft Windows up to Server 2019 SMB information disclosure
| [131652] Microsoft Windows up to Server 2019 SMB information disclosure
| [131651] Microsoft Windows up to Server 2019 Kernel information disclosure
| [131650] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V denial of service
| [131649] Microsoft Windows up to Server 2019 Kernel memory corruption
| [131648] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [131644] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [131638] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [131632] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
| [131631] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
| [131630] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
| [131629] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
| [131628] Microsoft Windows up to Server 2019 ActiveX memory corruption
| [131619] Microsoft Windows up to Server 2019 MS XML privilege escalation
| [131334] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
| [131333] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
| [131328] Microsoft Windows up to Server 2016 Kernel information disclosure
| [130832] Microsoft 2013 SP1 spoofing
| [130828] Microsoft Exchange Server 2010 SP3/2013 CU22/2016 CU12/2019 CU1 EWS privilege escalation
| [130826] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
| [130825] Microsoft Office up to 2019 Connectivity Engine memory corruption
| [130824] Microsoft Office up to 2019 Connectivity Engine memory corruption
| [130823] Microsoft Office up to 2019 Connectivity Engine privilege escalation
| [130822] Microsoft Office up to 2019 Connectivity Engine privilege escalation
| [130821] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [130820] Microsoft Windows up to Server 2012 R2 GDI information disclosure
| [130818] Microsoft Windows up to Server 2019 GDI information disclosure
| [130817] Microsoft Windows up to Server 2019 Storage Service privilege escalation
| [130814] Microsoft Windows up to Server 2019 privilege escalation
| [130809] Microsoft Windows up to Server 2019 Defender Firewall Security privilege escalation
| [130808] Microsoft Windows up to Server 2019 information disclosure
| [130807] Microsoft Windows up to Server 2019 Hyper-V information disclosure
| [130806] Microsoft Windows up to Server 2019 SMB privilege escalation
| [130805] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130804] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130803] Microsoft Windows up to Server 2019 SMB privilege escalation
| [130802] Microsoft Windows up to Server 2019 Win32k information disclosure
| [130801] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130800] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130799] Microsoft Windows up to Server 2016 Win32k memory corruption
| [130798] Microsoft Windows up to Server 2019 GDI information disclosure
| [130797] Microsoft Windows up to Server 2019 GDI information disclosure
| [130796] Microsoft Windows up to Server 2019 GDI information disclosure
| [130793] Microsoft Windows up to Server 2019 GDI information disclosure
9635| [130792] Microsoft Windows up to Server 2019 HID information disclosure
9636| [130791] Microsoft Windows up to Server 2019 HID information disclosure
9637| [130790] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9638| [130789] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9639| [130788] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9640| [130787] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9641| [130786] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9642| [130784] Microsoft Windows up to Server 2019 GDI+ memory corruption
9643| [130782] Microsoft Windows up to Server 2019 DHCP Server memory corruption
9644| [130781] Microsoft Windows up to Server 2019 GDI+ memory corruption
9645| [129847] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 1.2/2018 Update 3.2 information disclosure
9646| [129846] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
9647| [129845] Microsoft Skype for Business 2015 CU 8 Request cross site scripting
9648| [128765] Microsoft Visual Studio 2017 Version 15.9 C++ Construct privilege escalation
9649| [128764] Microsoft Exchange Server 2010 SP3/2013 CU21/2016 CU10/2016 CU11/2019 PowerShell API information disclosure
9650| [128761] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
9651| [128760] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
9652| [128759] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
9653| [128758] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
9654| [128757] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
9655| [128756] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
9656| [128755] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
9657| [128754] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
9658| [128753] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
9659| [128752] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
9660| [128751] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
9661| [128750] Microsoft Windows up to Server 2019 Runtime privilege escalation
9662| [128749] Microsoft Windows up to Server 2019 Kernel information disclosure
9663| [128747] Microsoft ASP.NET Core 2.1 Web Request denial of service
9664| [128746] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
9665| [128745] Microsoft Office up to 2019 Word Macro information disclosure
9666| [128742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
9667| [128741] Microsoft SharePoint Enterprise Server 2016 cross site scripting
9668| [128740] Microsoft SharePoint Enterprise Server 2013 SP1 cross site scripting
9669| [128739] Microsoft Windows up to Server 2019 Kernel information disclosure
9670| [128738] Microsoft Windows up to Server 2019 Subsystem for Linux information disclosure
9671| [128737] Microsoft Windows up to Server 2019 COM Desktop Broker privilege escalation
9672| [128736] Microsoft Windows up to Server 2019 Kernel information disclosure
9673| [128735] Microsoft ASP.NET Core 2.1/2.2 Web Request denial of service
9674| [128733] Microsoft Windows up to Server 2019 Authentication Request privilege escalation
9675| [128729] Microsoft Visual Studio 2010 SP1/2012 Update 5 vscontent File information disclosure
9676| [128728] Microsoft Windows up to Server 2019 Kernel information disclosure
9677| [128727] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
9678| [128726] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
9679| [128725] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
9680| [128718] Microsoft Windows up to Server 2019 Hyper-V memory corruption
9681| [128717] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V memory corruption
9682| [127925] Microsoft SharePoint Enterprise Server 2016 Web Request cross site scripting
9683| [127882] Microsoft Dynamics NAV 2016/2017 Web Request cross site scripting
9684| [127881] Microsoft Windows 10 1809/Server 2019 Object denial of service
9685| [127880] Microsoft Windows up to Server 2019 Win32k Object memory corruption
| [127828] Microsoft Windows up to Server 2019 Win32k memory corruption
| [127827] Microsoft Windows 10 1809/Server 2019 DirectX information disclosure
| [127826] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Win32k ASLR privilege escalation
| [127825] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 privilege escalation
| [127824] Microsoft Excel up to 2019 Out-of-Bounds memory corruption
| [127823] Microsoft Windows up to Server 2012 R2 Kernel information disclosure
| [127821] Microsoft Windows up to Server 2019 Connected User Experiences and Telemetry Service denial of service
| [127820] Microsoft Windows up to Server 2019 Kernel memory corruption
| [127819] Microsoft Exchange Server 2016 CU10/2016 CU11 Profile Data privilege escalation
| [127817] Microsoft Excel up to 2019 information disclosure
| [127816] Microsoft Windows up to Server 2019 GDI information disclosure
| [127815] Microsoft Windows up to Server 2019 GDI information disclosure
| [127814] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 Search cross site request forgery
| [127812] Microsoft Windows up to Server 2019 Remote Procedure Call information disclosure
| [127806] Microsoft Outlook up to 2019 memory corruption
| [127805] Microsoft Excel up to 2019 memory corruption
| [127804] Microsoft Excel up to 2019 memory corruption
| [127803] Microsoft Windows up to Server 2019 Text-To-Speech memory corruption
| [127801] Microsoft Windows up to Server 2019 DNS Server privilege escalation
| [126938] Microsoft Team Foundation Server 2018 Update 1.1/2018 Update 3 Code Execution
| [126755] Microsoft .NET Core 2.1 privilege escalation
| [126754] Microsoft Skype for Business/Lync Server 2013 SP1/2016 Emoji denial of service
| [126750] Microsoft Windows up to Server 2019 ALPC privilege escalation
| [126749] Microsoft Exchange Server 2010/2013/2016/2019 privilege escalation
| [126747] Microsoft SharePoint Enterprise Server 2013 SP1 Folder information disclosure
| [126746] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [126745] Microsoft Project 2010 SP2/2013 SP1/2016 memory corruption
| [126744] Microsoft Office up to 2019 Word memory corruption
| [126743] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [126742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [126739] Microsoft Windows up to Server 2012 R2 Win32k information disclosure
| [126737] Microsoft Windows up to Server 2012 R2 DirectX information disclosure
| [126736] Microsoft Windows up to Server 2019 Win32k memory corruption
| [126735] Microsoft Windows up to Server 2019 DirectX privilege escalation
| [126733] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DirectX memory corruption
| [126730] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
| [126728] Microsoft Office/SharePoint 2010 SP2 Word memory corruption
| [126727] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [126726] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [126725] Microsoft Windows up to Server 2019 DirectX memory corruption
| [126722] Microsoft Windows up to Server 2019 PowerShell privilege escalation
| [126718] Microsoft Windows up to Server 2016 Search memory corruption
| [126717] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 memory corruption
| [126716] Microsoft Office up to 2019 Excel memory corruption
| [126714] Microsoft Windows up to Server 2019 PowerShell unknown vulnerability
| [126713] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
| [126712] Microsoft Windows up to Server 2016 Graphics Component memory corruption
| [126711] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
| [125123] Microsoft Windows up to Server 2019 Codecs Library information disclosure
| [125122] Microsoft Windows up to Server 2016 TCP/IP information disclosure
| [125121] Microsoft Windows up to Server 2019 DirectX memory corruption
| [125120] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
| [125119] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
| [125116] Microsoft Exchange Server 2013 CU21/2016 CU10 privilege escalation
| [125115] Microsoft Windows up to Server 2019 Theme API privilege escalation
| [125114] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
| [125113] Microsoft Windows up to Server 2019 Kernel memory corruption
| [125111] Microsoft Windows up to Server 2019 Device Guard Code Integrity Policy privilege escalation
| [125110] Microsoft Windows up to Server 2019 DNS Global Blocklist privilege escalation
| [125109] Microsoft Windows up to Server 2019 NTFS privilege escalation
| [125108] Microsoft Windows up to Server 2019 Filter Manager memory corruption
| [125107] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125104] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [125102] Microsoft Office/Word 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
| [125100] Microsoft Office/PowerPoint 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
| [125099] Microsoft Office/Excel up to 2019 Protected View memory corruption
| [125098] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [125097] Microsoft Windows up to Server 2019 DirectX Graphics memory corruption
| [125096] Microsoft Windows up to Server 2019 Win32k memory corruption
| [125095] Microsoft Exchange Server 2013 CU21/2016 CU10 Outlook Web Access cross site scripting
| [125093] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [125092] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [125091] Microsoft Windows up to Server 2019 MS XML privilege escalation
| [124371] Microsoft Exchange Server up to 2010 SP3 Outlook Web Access /owa/auth/logon.aspx Parameter Server-Side Request Forgery
| [124217] Microsoft Windows Server 2012/Server 2016 Active Directory Federation Services /adfs/ls Server-Side Request Forgery
| [123995] Microsoft Lync 2011 on Mac Security Feature Messages Download privilege escalation
| [123881] Microsoft Windows up to Server 2016 Sandbox privilege escalation
| [123874] Microsoft Windows up to Server 2016 Kernel information disclosure
| [123872] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 SMB information disclosure
| [123868] Microsoft Windows up to Server 2016 Hyper-V denial of service
| [123864] Microsoft Windows up to Server 2016 Hyper-V information disclosure
| [123862] Microsoft SharePoint Enterprise Server 2010 SP2/2013 RT SP1/2013 SP1/2016 cross site scripting
| [123861] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [123860] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [123859] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
| [123851] Microsoft Windows up to Server 2016 ALPC privilege escalation
| [123849] Microsoft Windows up to Server 2016 SMB denial of service
| [123846] Microsoft Office 2016 on Win/Mac memory corruption
| [123844] Microsoft Word 2013 RT SP1/2013 SP1/2016 PDF File memory corruption
| [123843] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [123842] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [123830] Microsoft Windows up to Server 2016 Hyper-V memory corruption
| [123828] Microsoft Windows up to Server 2016 Win32k Graphics privilege escalation
| [123827] Microsoft Windows up to Server 2016 Image memory corruption
| [123825] Microsoft Windows up to Server 2016 MSXML Parser privilege escalation
| [123823] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
| [122887] Microsoft Office 2016 on Mac AutoUpdate memory corruption
| [122886] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122885] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122884] Microsoft Windows up to Server 2016 Win32k memory corruption
| [122883] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122875] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [122874] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [122873] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [122871] Microsoft PowerPoint 2010 SP2 memory corruption
| [122870] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [122861] Microsoft Windows up to Server 2016 Microsoft COM for Windows privilege escalation
| [122850] Microsoft Visual Studio 2015 Update 3/2017/2017 Version 15.8 Diagnostic Hub privilege escalation
| [122849] Microsoft Windows up to Server 2016 Diagnostic Hub privilege escalation
| [122848] Microsoft Windows Security Feature 2FA weak authentication
| [122834] Microsoft Windows up to Server 2016 LNK memory corruption
| [122825] Microsoft Windows up to Server 2016 Graphics memory corruption
| [122823] Microsoft SQL Server 2016 SP1/2016 SP2/2017 memory corruption
| [121208] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R Attachment privilege escalation
| [121118] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [121116] Microsoft Windows up to Server 2016 Sandbox privilege escalation
| [121114] Microsoft Access 2013 SP1/2016/2016 C2R memory corruption
| [121111] Microsoft Windows up to Server 2016 Kernel memory corruption
| [121110] Microsoft Windows up to Server 2016 Wordpad privilege escalation
| [121107] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll denial of service
| [121106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
| [121105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [121098] Microsoft Office 2016/2016 C2R memory corruption
| [121092] Microsoft Windows up to Server 2016 FTP Server denial of service
| [121090] Microsoft Visual Studio up to 2017 Version 15.8 Preview privilege escalation
| [119479] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [119477] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
| [119476] Microsoft Publisher 2010 SP2 OLE Object PUB File privilege escalation
| [119475] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Attachment privilege escalation
| [119474] Microsoft Windows up to Server 2016 GDI information disclosure
| [119470] Microsoft Windows up to Server 2016 HTTP HTTP.sys denial of service
| [119468] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119467] Microsoft Windows up to Server 2016 Hypervisor privilege escalation
| [119465] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119464] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119463] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119461] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119460] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119459] Microsoft Windows up to Server 2016 memory corruption
| [119457] Microsoft Windows up to Server 2016 Desktop Bridge privilege escalation
| [119456] Microsoft Windows up to Server 2016 Kernel information disclosure
| [119455] Microsoft Windows up to Server 2016 denial of service
| [119454] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119452] Microsoft Windows up to Server 2016 HIDParser memory corruption
| [119448] Microsoft Windows up to Server 2016 Code Integrity Module denial of service
| [119447] Microsoft Windows up to Server 2016 NTFS privilege escalation
| [119441] Microsoft Windows up to Server 2016 Media Foundation memory corruption
| [119437] Microsoft Windows up to Server 2016 HTTP Protocol Stack Http.sys memory corruption
| [119436] Microsoft Windows up to Server 2016 memory corruption
| [119431] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
| [118120] Microsoft Office 2016 on Mac XML Data Code Execution
| [117561] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1 Web Request cross site scripting
| [117560] Microsoft Exchange Server up to 2016 CU9 Code Execution memory corruption
| [117559] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access Web Request cross site scripting
| [117558] Microsoft Windows up to Server 2016 Code Execution memory corruption
| [117507] Microsoft Infopath 2013 SP1 memory corruption
| [117505] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [117504] Microsoft Office 2010 SP2 information disclosure
| [117503] Microsoft Exchange Server 2013 CU19/2013 CU20/2016 CU8/2016 CU9 Outlook Web Access cross site scripting
| [117502] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
| [117501] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [117500] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access cross site scripting
| [117499] Microsoft Exchange Server up to 2016 CU9 information disclosure
| [117498] Microsoft Office 2016 C2R Security Feature privilege escalation
| [117497] Microsoft SharePoint Enterprise Server 2010/2013 SP1/2016 cross site scripting
| [117480] Microsoft Windows up to Server 2016 COM Serialized privilege escalation
| [117473] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117472] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117471] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117470] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117469] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117468] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117444] Microsoft Windows up to Server 2016 Hyper-V vSMB memory corruption
| [117443] Microsoft Windows up to Server 2016 Hyper-V memory corruption
| [117442] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
| [116132] Microsoft Office 2016 Memory information disclosure
| [116051] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [116050] Microsoft SharePoint Enterprise Server 2010 SP2/2013/2016 cross site scripting
| [116049] Microsoft SharePoint Enterprise Server 2013/2016 privilege escalation
| [116048] Microsoft Windows up to Server 2016 DirectX Graphics Kernel Subsystem memory corruption
| [116047] Microsoft Windows up to Server 2016 OpenType Font Driver atmfd.dll memory corruption
| [116046] Microsoft SharePoint Enterprise Server 2013/2016 Share cross site scripting
| [116045] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [116039] Microsoft Windows up to Server 2016 Remote Desktop Protocol denial of service
| [116031] Microsoft Windows up to Server 2016 Kernel ASLR information disclosure
| [116030] Microsoft Windows up to Server 2016 SNMP Service denial of service
| [116026] Microsoft Windows up to Server 2016 Kernel information disclosure
| [116024] Microsoft Windows up to Server 2016 HTTP.sys denial of service
| [116023] Microsoft Office up to 2016 C2R information disclosure
| [116022] Microsoft Excel 2010 SP2 memory corruption
| [116020] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Active Directory privilege escalation
| [116019] Microsoft Windows up to Server 2016 Kernel information disclosure
| [116018] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [116017] Microsoft Excel up to 2016 C2R memory corruption
| [116016] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Graphics memory corruption
| [116014] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [116013] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1 memory corruption
| [116008] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116007] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116006] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116005] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116004] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116003] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
| [115994] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [115804] Microsoft Windows up to Server 2016 Malware Protection Engine privilege escalation
| [114579] Microsoft Exchange Server up to 2017 CU8 Outlook Web Access information disclosure
| [114574] Microsoft SharePoint Enterprise Server 2016 privilege escalation
| [114573] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114571] Microsoft Exchange Server 2016 CU7/2016 CU8 Outlook Web Access information disclosure
| [114570] Microsoft Exchange Server 2010 SP3/2013 CU18/2013 CU19/2016 CU7/2016 CU8 Outlook Web Access Fake privilege escalation
| [114565] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Kernel information disclosure
| [114564] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [114562] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114560] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114559] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114558] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114557] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114556] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114555] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114554] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114553] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114552] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114551] Microsoft Excel up to 2016 C2R Security Feature privilege escalation
| [114549] Microsoft Access 2010 SP2/2013 SP1/2016 memory corruption
| [114548] Microsoft Windows up to Server 2016 CNG Security Feature cng.sys privilege escalation
| [114547] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114546] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114545] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114544] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114543] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114542] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114541] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114540] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114536] Microsoft Windows up to Server 2016 CredSSP privilege escalation
| [114535] Microsoft Windows up to Server 2016 Hyper-V denial of service
| [114531] Microsoft Windows up to Server 2016 Windows Installer privilege escalation
| [114530] Microsoft Windows up to Server 2016 GDI privilege escalation
| [114529] Microsoft Windows up to Server 2016 GDI privilege escalation
| [114527] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114526] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114525] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114522] Microsoft Windows 10 1607/10 1703/Server 2016 Desktop Bridge privilege escalation
| [114521] Microsoft Windows up to Server 2016 Video Control privilege escalation
| [114520] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge privilege escalation
| [114518] Microsoft Windows up to Server 2016 Remote Assistance information disclosure
| [114517] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge VFS privilege escalation
| [114516] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
| [113835] Microsoft Identity Manager 2016 SP1 cross site scripting
| [113264] Microsoft Windows 8.1/RT 8.1/Server 2012 R2 SMBv2/SMBv3 denial of service
| [113260] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113259] Microsoft Windows 10/Server 1709/Server 2016 NTFS privilege escalation
| [113254] Microsoft Windows up to Server 2016 Kernel information disclosure
| [113253] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
| [113252] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113250] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
| [113249] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113248] Microsoft Windows up to Server 2016 Kernel information disclosure
| [113243] Microsoft Windows 10/Server 2016 MultiPoint Management privilege escalation
| [113242] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
| [113241] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
| [113240] Microsoft Windows 10/Server 1709/Server 2016 AppContainer privilege escalation
| [113237] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [113236] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [113233] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Uninitialized Memory information disclosure
| [113232] Microsoft Excel 2016 memory corruption
| [113230] Microsoft Windows up to Server 2016 Scripting Engine information disclosure
| [113229] Microsoft Windows up to Server 2016 StructuredQuery memory corruption
| [111580] Microsoft Office 2016 on Mac Email Attachment spoofing
| [111571] Microsoft SharePoint Enterprise Server 2013/2016 Access cross site scripting
| [111567] Microsoft Office 2010/2013/2016 memory corruption
| [111564] Microsoft Word 2016 memory corruption
| [111562] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
| [111561] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
| [128730] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [111358] Microsoft Windows up to Server 2016 IPsec denial of service
| [110553] Microsoft Office 2016 C2R information disclosure
| [110552] Microsoft SharePoint Enterprise Server 2016 Web Request privilege escalation
| [110551] Microsoft Excel 2016 C2R memory corruption
| [110550] Microsoft PowerPoint 2013 RT SP1/2013 SP1/2016 information disclosure
| [110549] Microsoft Exchange Server 2016 CU6/2016 CU7 Outlook Web Access privilege escalation
| [110547] Microsoft Windows up to Server 2016 its:// Protocol information disclosure
| [110531] Microsoft Windows 10/Server 2016 Device Guard privilege escalation
| [110522] Microsoft Windows up to Server 2016 RRAS privilege escalation
| [110350] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [110318] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [109391] Microsoft SharePoint Enterprise Server 2016 Project Server cross site request forgery
| [109389] Microsoft Excel 2016 Click-to-Run memory corruption
| [109360] Microsoft Windows up to Server 2016 Windows Search denial of service
| [107759] Microsoft Windows up to Server 2016 SMB denial of service
| [107757] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [107756] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [107753] Microsoft Windows 10/Server 2016 SMB privilege escalation
| [107744] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
| [107741] Microsoft Outlook 2016 Secure Connection Mail information disclosure
| [107740] Microsoft Windows up to Server 2016 Graphics memory corruption
| [107739] Microsoft Windows up to Server 2016 Graphics memory corruption
| [107738] Microsoft Windows up to Server 2016 Search information disclosure
| [107734] Microsoft Windows 10/Server 2016 SMB privilege escalation
9986| [107732] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Bypass privilege escalation
9987| [107730] Microsoft Windows up to Server 2016 Search Remote memory corruption
9988| [107729] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
9989| [107728] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
9990| [107727] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
9991| [107724] Microsoft Windows up to Server 2016 Text Services Framework memory corruption
9992| [107723] Microsoft Windows up to Server 2016 SMB information disclosure
9993| [107698] Microsoft Office 2016 memory corruption
9994| [107593] InFocus Mondopad 2.2.08 Excel Spreadsheet Microsoft Office Document Credentials information disclosure
9995| [106544] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
9996| [106531] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
9997| [106529] Microsoft PowerPoint 2016 memory corruption
9998| [106523] Microsoft Windows up to Server 2016 PDF Library memory corruption
9999| [106518] Microsoft Edge on Win10/Server 2016 memory corruption
10000| [106516] Microsoft Windows up to Server 2016 PDF Library memory corruption
10001| [106498] Microsoft Windows up to Server 2016 Shell privilege escalation
10002| [106496] Microsoft Windows up to Server 2016 Uniscribe information disclosure
10003| [106495] Microsoft Windows up to Server 2012 R2 Uniscribe memory corruption
10004| [106492] Microsoft Windows Server 2012/Server 2012 R2/Server 2016 DHCP Service memory corruption
10005| [106489] Microsoft Windows up to Server 2016 Graphics Win32k win32k!fsc_CalcGrayRow memory corruption
10006| [106474] Microsoft Office 2016 memory corruption
10007| [106473] Microsoft SharePoint Server 2013 SP1 cross site scripting
10008| [106472] Microsoft Windows up to Server 2016 Bluetooth Driver Object BlueBorne spoofing
| [106470] Microsoft Excel 2011 on Mac memory corruption
| [106455] Microsoft Exchange Server 2013/2016 information disclosure
| [106454] Microsoft Windows up to Server 2016 Windows NetBT Session Services race condition memory corruption
| [105048] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
| [105047] Microsoft Edge on Win10/Server 2016 Scripting Engine EntryCall memory corruption
| [105046] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105040] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
| [105038] Microsoft Edge on Win10/Server 2016 Javascript Engine Out-of-Bounds memory corruption
| [105037] Microsoft Edge on Win10/Server 2016 Javascript Engine PreVisitCatch memory corruption
| [105035] Microsoft SharePoint Server 2010 SP2 cross site scripting
| [105033] Microsoft Edge 38.14393.1066.0 on Win10/Server 2016 Use-After-Free information disclosure
| [105029] Microsoft Edge on Win10/Server 2016 Javascript Engine ProcessLinkFailedAsmJsModule memory corruption
| [105027] Microsoft Edge on Win10/Server 2016 _SelectValueInternal information disclosure
| [105024] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105023] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105017] Microsoft Windows up to Server 2016 Error Reporting information disclosure
| [105013] Microsoft Windows 10 1607/10 1703/Server 2016 Hyper-V denial of service
| [105011] Microsoft Windows up to Server 2016 Windows Search memory corruption
| [105010] Microsoft Windows up to Server 2016 Win32k memory corruption
| [105009] Microsoft Windows up to Server 2016 Input Method Editor memory corruption
| [105008] Microsoft SQL Server 2012/2014/2016 Analysis Services information disclosure
| [104990] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [104989] Microsoft Windows up to Server 2016 NetBIOS denial of service
| [104584] Microsoft Outlook up to 2016 C2R Document File privilege escalation
| [104583] Microsoft Outlook up to 2016 C2R Email memory corruption
| [104582] Microsoft Outlook up to 2016 C2R Object memory corruption
| [103468] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 Open Redirect
| [103446] Microsoft Windows up to Server 2016 Search Object privilege escalation
| [103445] Microsoft Windows up to Server 2016 Wordpad privilege escalation
| [103444] Microsoft Windows up to Server 2016 Explorer denial of service
| [103442] Microsoft Windows 10/Server 2016 HoloLens WiFi Packet privilege escalation
| [103441] Microsoft Windows up to Server 2016 Object HTTP.sys information disclosure
| [103431] Microsoft Windows up to Server 2016 PowerShell PSObject Object privilege escalation
| [103429] Microsoft Windows up to Server 2016 Kerberos weak authentication
| [103426] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
| [103425] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
| [103420] Microsoft Windows up to Server 2016 Kerberos Bypass privilege escalation
| [103417] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
| [102544] Microsoft Edge on Win10/Server 2016 Fetch API information disclosure
| [102543] Microsoft Edge on Win10/Server 2016 Javascript XML DOM Object information disclosure
| [102463] Microsoft Project Server 2013 SP1 cross site scripting
| [102460] Microsoft Outlook 2016 on Mac HTML spoofing
| [102448] Microsoft SharePoint Enterprise Server 2016 Reflected cross site scripting
| [102446] Microsoft Office up to 2016 privilege escalation
| [102445] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 privilege escalation
| [102443] Microsoft Office up to 2016 privilege escalation
| [102412] Microsoft Windows up to Server 2016 PDF information disclosure
| [102397] Microsoft Outlook 2010 SP1/2013 SP1/2016 DLL Loader privilege escalation
| [102396] Microsoft Office 2013 SP1/2016 DLL Loader privilege escalation
| [102386] Microsoft Windows up to Server 2012 R2 Uniscribe privilege escalation
| [102385] Microsoft Windows up to Server 2016 Font Library privilege escalation
| [102376] Microsoft Windows up to Server 2016 CAB File privilege escalation
| [102375] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
| [102374] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
| [102373] Microsoft Windows up to Server 2016 Uniscribe Font USP10!MergeLigRecords memory corruption
| [101817] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101816] Microsoft Windows up to Server 2016 Malware Protection Engine setCaller memory corruption
| [101815] Microsoft Windows up to Server 2016 Malware Protection Engine Use-After-Free memory corruption
| [101814] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101813] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [101812] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101811] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101810] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101028] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
| [101020] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [101019] Microsoft Skype for Business 2016 memory corruption
| [101018] Microsoft SharePoint 2010 SP2/2013 SP1/2016 memory corruption
| [101016] Microsoft PowerPoint 2011 on Mac memory corruption
| [101015] Microsoft PowerPoint 2011 on Mac memory corruption
| [101014] Microsoft Office 2010 SP2/2016 memory corruption
| [101013] Microsoft Office 2010 SP2/2016 memory corruption
| [101002] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [101001] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [101000] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [100999] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [100918] Microsoft Windows 8/8.1/10/Server 2012/Server 2016 Malware Protection Service Type Confusion privilege escalation
| [99697] Microsoft SharePoint Server 2010 SP1/2010 SP2 Excel Services cross site scripting
| [99683] Microsoft Windows 10 1607/10 1703/Server 2012 R2/Server 2016 Active Directory Lockout privilege escalation
| [99682] Microsoft Outlook 2011 on Mac HTML Tag Validator spoofing
| [99681] Microsoft Windows up to Server 2016 OLE Integrity-Level Check privilege escalation
| [99667] Microsoft Windows 10/Server 2016 Active Directory Service Unresponsive denial of service
| [98272] Microsoft Windows up to 10/Server 2016 Local Session privilege escalation
| [98096] Microsoft Exchange 2013 SP1 privilege escalation
| [98095] Microsoft Lync for Mac 2011 Certificate Validation weak authentication
| [98094] Microsoft SharePoint Server 2013 SP1 cross site scripting
| [98093] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
| [98091] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
| [98090] Microsoft SharePoint Server 2010 SP2/2013 SP1 information disclosure
| [98089] Microsoft Office Web Apps 2013 SP1 memory corruption
| [98082] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 denial of service
| [98081] Microsoft Excel up to 2016 information disclosure
| [98080] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [98079] Microsoft Word 2016 memory corruption
| [98076] Microsoft Lync/Skype for Business 2010/2013/2016 Graphics Component privilege escalation
| [98075] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
| [98074] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
| [98073] Microsoft Office 2010 SP2/Word Viewer Graphics Component information disclosure
| [98069] Microsoft Windows up to Server 2012 R2 Color Management memory corruption
| [98056] Microsoft Windows up to Server 2016 DNS Query information disclosure
| [98054] Microsoft Windows up to Server 2016 SMBv2/SMBv3 NULL Pointer Dereference memory corruption
| [98017] Microsoft Windows up to Server 2016 PDF memory corruption
| [98015] Microsoft Windows 10/Server 2016 Hyper-V denial of service
| [98013] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
| [98007] Microsoft Windows 10/Server 2016 Hyper-V Network Switch denial of service
| [98006] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
| [96521] Microsoft Windows 8.1/10/Server 2012/Server 2016 SMB Response mrxsmb20.sys denial of service
| [95781] Microsoft PowerPoint 2016 Java Embedded Object privilege escalation
| [95125] Microsoft Word/SharePoint Enterprise Server 2016 Document privilege escalation
| [94451] Microsoft Office 2011 memory corruption
| [94447] Microsoft Office 2010 SP2 memory corruption
| [94446] Microsoft Office 2016 memory corruption
| [94444] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 OLE DLL Loader memory corruption
| [94443] Microsoft Office up to 2016 information disclosure
| [94442] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
| [93964] Microsoft Windows 7 Excel Starter 2010 XXE information disclosure
| [93543] Microsoft SQL Server 2016 FILESTREAM Path privilege escalation
| [93540] Microsoft Excel 2010 SP2/2011/2016 memory corruption
| [93416] Microsoft SQL Server 2014 SP2/2016/up to 2012 SP3 Server Agent atxcore.dll privilege escalation
| [93415] Microsoft SQL Server 2016 MDS API cross site scripting
| [93414] Microsoft SQL Server up to 2012 SP3 RDBMS Engine privilege escalation
| [93413] Microsoft SQL Server 2016/up to 2014 SP2 RDBMS Engine privilege escalation
| [93412] Microsoft SQL Server 2016 RDBMS Engine privilege escalation
| [93393] Microsoft Office up to 2016 memory corruption
| [93392] Microsoft Office up to 2016 memory corruption
| [93391] Microsoft Office up to 2016 memory corruption
| [93389] Microsoft Windows up to Server 2016 Media Foundation memory corruption
| [93388] Microsoft Windows up to Server 2016 Animation Manager Stylesheets memory corruption
| [92587] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 Transaction Manager privilege escalation
| [92584] Microsoft Office up to 2016 memory corruption
| [91571] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
| [91570] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
| [91556] Microsoft Exchange 2016 Meeting Invation cross site scripting
| [91555] Microsoft Exchange 2013/2016 Link spoofing
| [91550] Microsoft Office 2016 memory corruption
| [91547] Microsoft Office 2010 memory corruption
| [91543] Microsoft Office up to 2016 memory corruption
| [91541] Microsoft Office 2013/2016 APP-V ASLR privilege escalation
| [90711] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF privilege escalation
| [90710] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 Netlogon privilege escalation
| [90704] Microsoft Office 2013/2013 RT/2016 memory corruption
| [89043] Microsoft Office up to 2016 memory corruption
| [89041] Microsoft Office up to 2016 memory corruption
| [89040] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 memory corruption
| [89038] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Security Feature privilege escalation
| [89037] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [87961] Microsoft Windows up to Server 2012 R2 Search denial of service
| [87959] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
| [87958] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF memory corruption
| [87957] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
| [87956] Microsoft Exchange 2013/2016 Oracle Outside In Libraries information disclosure
| [87944] Microsoft Windows Server 2012/Server 2012 R2 Virtual PCI Memory information disclosure
| [87940] Microsoft Windows Server 2012/Server 2012 R2 DNS Server Use-After-Free memory corruption
| [87936] Microsoft Office up to 2016 memory corruption
| [87166] Microsoft Windows up to Server 2012 R2 DirectX Graphics Kernel Subsystem privilege escalation
| [87156] Microsoft Windows 8.1/10/RT 8.1/Server 2012 R2 Shell memory corruption
| [87149] Microsoft Office up to 2016 memory corruption
| [87148] Microsoft Office 2010 Graphics memory corruption
| [87146] Microsoft Office 2011/2013/2013 RT/2016 memory corruption
| [82229] Microsoft Excel 2010 SP2 Office Document memory corruption
| [82223] Microsoft Windows 8.1/10/Server 2012 R2 Hyper-V Memory information disclosure
| [82222] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Memory information disclosure
| [82221] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Hyper-V privilege escalation
| [81274] Microsoft Office up to 2016 memory corruption
| [81270] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library memory corruption
| [81269] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
| [81268] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
| [80886] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [80885] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP memory corruption
| [80878] Microsoft Windows Server 2012 R2 Active Directory Federation Service denial of service
| [80874] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP privilege escalation
| [80870] Microsoft Office up to 2016 memory corruption
| [80868] Microsoft Office up to 2016 memory corruption
| [80867] Microsoft Office up to 2016 memory corruption
| [80865] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 DLL Loader memory corruption
| [80860] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Reader memory corruption
| [80859] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
| [80231] Microsoft Excel up to 2016 Office Document memory corruption
| [80229] Microsoft Exchange Server 2013 CU 10/2013 CU 11/2013 SP1/2016 Outlook Web Access cross site scripting
| [80228] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
| [80227] Microsoft Exchange Server 2013 CU 10/2013 SP1/2016 Outlook Web Access cross site scripting
| [80226] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
| [80218] Microsoft Office up to 2016 ASLR privilege escalation
| [80217] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
| [80216] Microsoft Office up to 2016 Office Document memory corruption
| [80206] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
| [128763] Microsoft Exchange Server 2016 CU10/2016 CU11/2019 memory corruption
| [79508] Microsoft Windows up to Server 2012 R2 Library Loader memory corruption
| [79500] Microsoft Office 2010/2011/2016 memory corruption
| [79183] Microsoft Windows up to Server 2012 R2 IPsec denial of service
| [79173] Microsoft Windows up to Server 2012 R2 Graphics information disclosure
| [79117] Microsoft Outlook 2011/2016 on Mac HTML spoofing
| [78375] Microsoft SharePoint Server/SharePoint Foundation 2013 SP1 cross site scripting
| [77645] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
| [77644] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
| [77638] Microsoft Lync Server 2013 cross site scripting
| [77628] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [77612] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access Stack-Based information disclosure
| [77050] Microsoft Office up to 2016 memory corruption
| [77037] Microsoft Windows Server 2012/Server 2012 R2 System Center Operations Manager cross site scripting
| [76461] Microsoft Windows up to Server 2012 R2 Domain-Controller Communication Credentials information disclosure
| [76460] Microsoft Windows 7 SP1/8/Server 2012 RDP Server Service memory corruption
| [76448] Microsoft Windows 8.1/Server 2012 R2 Hyper-V memory corruption
| [75793] Microsoft Exchange Server 2013 CU8 cross site scripting
| [75792] Microsoft Exchange Server 2013 SP1 CU8 cross site request forgery
| [75791] Microsoft Office 2013 SP1 Office Document Uninitialized Memory memory corruption
| [75787] Microsoft Exchange Server 2013 SP1 CU8 Same Origin Policy privilege escalation
| [75786] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
| [66976] Microsoft Access 2010 VBA Datatype denial of service
| [74848] Microsoft SharePoint Foundation/SharePoint Server 2013 SP1 cross site scripting
| [74842] Microsoft Windows 8.1/Server 2012 R2 Hyper-V denial of service
| [74836] Microsoft Project Server 2010 SP2/2013 SP1 cross site scripting
| [74835] Microsoft Office 2011 on Mac Use-After-Free cross site scripting
| [74834] Microsoft Windows Server 2012 R2 Active Directory Federation Services 3.0 privilege escalation
| [74833] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 HTTP Request HTTP.sys privilege escalation
| [74393] Microsoft SharePoint Server 2013 Foundation cross site scripting
| [73967] Microsoft Office up to 2013 SP1 Office File memory corruption
| [73966] Microsoft Office up to 2013 SP1 RTF File memory corruption
| [73965] Microsoft Office up to 2013 SP1 Use-After-Free memory corruption
| [73961] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 Remote Desktop Protocol Object Management denial of service
| [69162] Microsoft System Center Virtual Machine Manager 2012 privilege escalation
| [69160] Microsoft Windows up to Server 2012 Process privilege escalation
| [69156] Microsoft Office 2010 Object memory corruption
| [68593] Microsoft Windows up to Server 2012 Network Location Awareness Service privilege escalation
| [68417] Microsoft Exchange 2013 Outlook Web Access Token spoofing
| [68191] Microsoft SharePoint 2010 cross site scripting
| [67828] Microsoft ASP.NET MVC 2/3/4/5/5.1 System.Web.Mvc.dll cross site scripting
| [67518] Microsoft Lync 2013 denial of service
| [67517] Microsoft Lync 2013 Script Reflected cross site scripting
| [67516] Microsoft Lync 2010/2013 denial of service
| [67362] Microsoft Windows up to Server 2012 R2 Remote Procedure Call privilege escalation
| [67360] Microsoft SharePoint 2013 App Permission Management cross site scripting
| [13549] Microsoft Windows 7/8/8.1/Server 2012 Remote Desktop Protocol weak encryption
| [13547] Microsoft Lync 2010/2013 Meeting cross site scripting
| [13228] Microsoft Office 2013 Document privilege escalation
| [68577] Microsoft ASP.NET 2014.3.1209 Telerik UI RadAsyncUpload directory traversal
| [12267] Microsoft Forefront Security for Exchange Server 2010 Mail memory corruption
| [12263] Microsoft Windows up to Server 2012 Direct2D 2D Geometric Figure memory corruption
| [12238] Microsoft Windows 8/RT/Server 2012 IPv6 denial of service
| [12185] Microsoft .NET Framework 2/4 HMAC weak authentication
| [12183] Microsoft .NET Framework 2/4 DTD denial of service
| [11673] Microsoft Windows Live Movie Maker 2011 WAV File denial of service
| [11468] Microsoft Exchange 2010/2013 cross site scripting
| [11466] Microsoft Office 2013 File Response information disclosure
| [11457] Microsoft SharePoint Server/Office Web Apps 2010 SP1/2010 SP2/2013 W3WP Service Account privilege escalation
| [11150] Microsoft Windows 8/Server 2012 Hyper-V Data Structure Value Crash privilege escalation
| [11004] Microsoft Windows Server 2012 R2 RDP Restricted Admin Mode weak authentication
| [10250] Microsoft SharePoint Server up to 2013 W3WP Process denial of service
| [10249] Microsoft SharePoint 2010/2003/2007/2.0/3.0 Workflow memory corruption
| [10248] Microsoft SharePoint Server up to 2013 cross site scripting
| [9943] Microsoft Windows Server 2012 NAT Driver ICMP Packet denial of service
| [8739] Microsoft Windows Essentials up to 2012 Windows Writer Eingabe information disclosure
| [8725] Microsoft Lync 2010/2013 Use-After-Free memory corruption
| [8722] Microsoft Windows 8/RT/Server 2012 HTTP.sys denial of service
| [8206] Microsoft SharePoint Server 2010 SP1 HTML Sanitization Component cross site scripting
| [8203] Microsoft Windows up to 2012 AD LDAP Query denial of service
| [8200] Microsoft SharePoint Server 2013 ACL information disclosure
| [7971] Microsoft Office for Mac 2011 up to 14.3.1 on Mac HTML5 Mail Message Parser File information disclosure
| [7969] Microsoft OneNote 2010 SP1 ONE File information disclosure
| [7968] Microsoft SharePoint Server 2010 SP1 Input Validator Eingabe Crash denial of service
| [7967] Microsoft SharePoint Server 2010 SP1 User Account Eingabe Crash information disclosure
| [7966] Microsoft SharePoint Server 2010 SP1 Eingabe Crash cross site scripting
| [7965] Microsoft SharePoint Server 2010 SP1 User Account Callback URL privilege escalation
| [7964] Microsoft Visio 2010 Tree Object Type File memory corruption
| [7343] Microsoft Lync 2012 HTTP Format String
| [7258] Microsoft Windows up to 8/Server 2012 SSL/TLS race condition
| [7230] Microsoft Excel 2010 SP1 on 32-bit XLS File Formatting Information Crash denial of service
| [6831] Microsoft Office Picture Manager 2010 File memory corruption
| [62720] EMC NetWorker Module for Microsoft Applications up to 2.2.0 memory corruption
| [6624] Microsoft SQL Server up to 2012 Report Manager cross site scripting
| [62238] Microsoft Visual Studio Team Foundation Server 2010 cross site scripting
| [5946] Microsoft Visio/Visio Viewer up to 2010 SP1 File memory corruption
| [5644] Microsoft SharePoint 2010 scriptesx.ashx cross site scripting
| [5641] Microsoft SharePoint 2010 cross site scripting
| [60943] Microsoft Dynamics AX 2012 Enterprise Portal cross site scripting
| [12311] Microsoft Lync 2010 Search race condition
| [60570] Microsoft Forefront Unified Access Gateway 2010 information disclosure
| [60569] Microsoft Forefront Unified Access Gateway 2010 spoofing
| [60208] Microsoft Visio Viewer 2010 memory corruption
| [60207] Microsoft Visio Viewer 2010 memory corruption
| [60206] Microsoft Visio Viewer 2010 memory corruption
| [4640] Microsoft SharePoint 2010 inplview.aspx cross site scripting
| [4636] Microsoft SharePoint 2010 wizardlist.aspx cross site scripting
| [4635] Microsoft SharePoint 2010 themeweb.aspx cross site scripting
| [59008] Microsoft Forefront Unified Access Gateway 2010 Crash denial of service
| [58995] Microsoft Forefront Unified Access Gateway 2010 memory corruption
| [58994] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
| [58993] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
| [4424] Microsoft Host Integration Server up to 2010 denial of service
| [4420] Microsoft Forefront Unified Access Gateway 2010 memory corruption
| [58487] Microsoft SharePoint Foundation 2010 cross site scripting
| [58486] Microsoft SharePoint Foundation 2010 Reflected cross site scripting
| [58485] Microsoft SharePoint Foundation 2010 EditForm.aspx cross site scripting
| [4414] Microsoft SharePoint 2010 cross site scripting
| [4413] Microsoft SharePoint 2010/2007/3.0 XML/XLS unknown vulnerability
| [91971] Microsoft Skype 2.2.x/5.2.x/5.3.x denial of service
| [57693] Microsoft Forefront Threat Management Gateway 2010 NSPLookupServiceNext memory corruption
| [56028] Microsoft Data Access Components 2.8 memory corruption
| [55777] Microsoft Windows Movie Maker 2.6 memory corruption
| [55424] Microsoft Forefront Unified Access Gateway 2010 Signurl.asp cross site scripting
| [55415] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
| [55414] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
| [55413] Microsoft Forefront Unified Access Gateway 2010 spoofing
| [54341] Microsoft Windows Movie Maker 2.1 memory corruption
| [54549] Microsoft PowerPoint 2010 pptimpconv.dll memory corruption
| [4009] Microsoft NET Framework 2.x/3.x denial of service
| [45681] Microsoft Internet Explorer 8 Beta 2 privilege escalation
| [45449] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
| [45448] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
| [45446] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
| [2927] Microsoft Data Access Components 2.x ADODB.Connection ActiveX Control memory corruption
| [32692] Microsoft XML Core Services up to 2.6 memory corruption
| [32691] Microsoft XML Core Services up to 2.6 memory corruption
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-3661] The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
| [CVE-2013-3660] The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
| [CVE-2013-3174] DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
| [CVE-2013-3173] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
| [CVE-2013-3172] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system hang) via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
| [CVE-2013-3171] The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."
| [CVE-2013-3167] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Information Disclosure Vulnerability."
| [CVE-2013-3154] The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."
| [CVE-2013-3138] Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
| [CVE-2013-3136] The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
| [CVE-2013-3134] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array Allocation Vulnerability."
| [CVE-2013-3133] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability."
| [CVE-2013-3132] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability."
| [CVE-2013-3131] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability."
| [CVE-2013-1345] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
10338| [CVE-2013-1340] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
10339| [CVE-2013-1339] The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."
10340| [CVE-2013-1336] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."
10341| [CVE-2013-1335] Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."
10342| [CVE-2013-1334] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
10343| [CVE-2013-1332] dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
10344| [CVE-2013-1331] Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
10345| [CVE-2013-1329] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."
10346| [CVE-2013-1328] Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."
10347| [CVE-2013-1327] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."
10348| [CVE-2013-1323] Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."
10349| [CVE-2013-1322] Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."
10350| [CVE-2013-1321] Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability."
10351| [CVE-2013-1320] Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."
10352| [CVE-2013-1319] Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."
10353| [CVE-2013-1318] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."
10354| [CVE-2013-1317] Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."
10355| [CVE-2013-1316] Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."
10356| [CVE-2013-1302] Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."
10357| [CVE-2013-1301] Microsoft Visio 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
10358| [CVE-2013-1300] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
10359| [CVE-2013-1295] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."
10360| [CVE-2013-1294] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
10361| [CVE-2013-1293] The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application that leverages improper handling of objects in memory, aka "NTFS NULL Pointer Dereference Vulnerability."
10362| [CVE-2013-1292] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
10363| [CVE-2013-1291] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
10364| [CVE-2013-1287] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
10365| [CVE-2013-1286] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
10366| [CVE-2013-1285] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
10367| [CVE-2013-1283] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
10368| [CVE-2013-1281] The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability."
10369| [CVE-2013-1280] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
10370| [CVE-2013-1279] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
10371| [CVE-2013-1278] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
10372| [CVE-2013-1277] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10373| [CVE-2013-1276] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10374| [CVE-2013-1275] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10375| [CVE-2013-1274] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10376| [CVE-2013-1273] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10377| [CVE-2013-1272] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10378| [CVE-2013-1271] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10379| [CVE-2013-1270] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10380| [CVE-2013-1269] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10381| [CVE-2013-1268] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10382| [CVE-2013-1267] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10383| [CVE-2013-1266] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10384| [CVE-2013-1265] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10385| [CVE-2013-1264] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10386| [CVE-2013-1263] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10387| [CVE-2013-1262] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10388| [CVE-2013-1261] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10389| [CVE-2013-1260] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10390| [CVE-2013-1259] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10391| [CVE-2013-1258] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10392| [CVE-2013-1257] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10393| [CVE-2013-1256] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10394| [CVE-2013-1255] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10395| [CVE-2013-1254] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10396| [CVE-2013-1253] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10397| [CVE-2013-1252] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10398| [CVE-2013-1251] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10399| [CVE-2013-1250] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10400| [CVE-2013-1249] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10401| [CVE-2013-1248] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
10402| [CVE-2013-0095] Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability."
10403| [CVE-2013-0077] Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
10404| [CVE-2013-0076] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."
10405| [CVE-2013-0075] The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
10406| [CVE-2013-0073] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."
10407| [CVE-2013-0013] The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
10408| [CVE-2013-0011] The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability."
10409| [CVE-2013-0010] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.
10410| [CVE-2013-0009] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
10411| [CVE-2013-0008] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
10412| [CVE-2013-0004] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
10413| [CVE-2013-0003] Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."
10414| [CVE-2013-0002] Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
10415| [CVE-2013-0001] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
10416| [CVE-2012-5672] Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.
10417| [CVE-2012-4791] Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
10418| [CVE-2012-4786] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
10419| [CVE-2012-4776] The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."
10420| [CVE-2012-4774] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."
10421| [CVE-2012-2897] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
10422| [CVE-2012-2556] The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
10423| [CVE-2012-2553] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
10424| [CVE-2012-2552] Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."
10425| [CVE-2012-2551] The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability."
10426| [CVE-2012-2543] Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1
10427| [CVE-2012-2539] Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
10428| [CVE-2012-2536] Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
10429| [CVE-2012-2530] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
10430| [CVE-2012-2529] Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability."
10431| [CVE-2012-2528] Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
10432| [CVE-2012-2527] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
10433| [CVE-2012-2524] Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability."
10434| [CVE-2012-2520] Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
10435| [CVE-2012-2519] Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
10436| [CVE-2012-1896] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."
10437| [CVE-2012-1895] The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
10438| [CVE-2012-1893] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."
10439| [CVE-2012-1890] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."
10440| [CVE-2012-1887] Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."
10441| [CVE-2012-1886] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
10442| [CVE-2012-1885] Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
10443| [CVE-2012-1870] The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."
10444| [CVE-2012-1867] Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
10445| [CVE-2012-1866] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability."
10446| [CVE-2012-1865] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.
10447| [CVE-2012-1864] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.
10448| [CVE-2012-1863] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
10449| [CVE-2012-1862] Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
10450| [CVE-2012-1860] Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
10451| [CVE-2012-1858] The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
10452| [CVE-2012-1856] The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
10453| [CVE-2012-1855] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."
10454| [CVE-2012-1854] Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
10455| [CVE-2012-1851] Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."
10456| [CVE-2012-1850] The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."
10457| [CVE-2012-1848] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
10458| [CVE-2012-1847] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
10459| [CVE-2012-1537] Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
10460| [CVE-2012-1528] Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
10461| [CVE-2012-1527] Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
10462| [CVE-2012-1459] The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
10463| [CVE-2012-1457] The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
10464| [CVE-2012-1453] The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
10465| [CVE-2012-1443] The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
10466| [CVE-2012-1420] The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
10467| [CVE-2012-1194] The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
10468| [CVE-2012-0185] Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
10469| [CVE-2012-0184] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
10470| [CVE-2012-0183] Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
10471| [CVE-2012-0182] Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
10472| [CVE-2012-0181] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
10473| [CVE-2012-0180] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
10474| [CVE-2012-0179] Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."
10475| [CVE-2012-0178] Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability."
10476| [CVE-2012-0177] Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
10477| [CVE-2012-0175] The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."
10478| [CVE-2012-0174] Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
10479| [CVE-2012-0173] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
10480| [CVE-2012-0167] Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."
10481| [CVE-2012-0165] GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
10482| [CVE-2012-0163] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
10483| [CVE-2012-0161] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
10484| [CVE-2012-0160] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
10485| [CVE-2012-0159] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
10486| [CVE-2012-0158] The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
10487| [CVE-2012-0157] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
10488| [CVE-2012-0156] DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
10489| [CVE-2012-0154] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
10490| [CVE-2012-0152] The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."
10491| [CVE-2012-0151] The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
10492| [CVE-2012-0150] Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
10493| [CVE-2012-0149] afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2012-0148] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
| [CVE-2012-0143] Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability."
| [CVE-2012-0142] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0141] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0015] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."
| [CVE-2012-0014] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
| [CVE-2012-0013] Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
| [CVE-2012-0009] Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."
| [CVE-2012-0008] Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."
| [CVE-2012-0006] The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."
| [CVE-2012-0005] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
| [CVE-2012-0004] Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
| [CVE-2012-0003] Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
| [CVE-2012-0002] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
| [CVE-2012-0001] The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."
| [CVE-2011-5046] The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
| [CVE-2011-4434] Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
| [CVE-2011-3417] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
| [CVE-2011-3416] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
| [CVE-2011-3415] Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
| [CVE-2011-3414] The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
| [CVE-2011-3413] Microsoft PowerPoint 2007 SP2
| [CVE-2011-3412] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
| [CVE-2011-3411] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
| [CVE-2011-3410] Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability."
| [CVE-2011-3408] Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability."
| [CVE-2011-3406] Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."
| [CVE-2011-3403] Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
| [CVE-2011-3402] Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
| [CVE-2011-3400] Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
| [CVE-2011-3397] The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
| [CVE-2011-3396] Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."
| [CVE-2011-2019] Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
| [CVE-2011-2018] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2011-2016] Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."
| [CVE-2011-2014] The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
| [CVE-2011-2013] Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."
| [CVE-2011-2011] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-2008] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
| [CVE-2011-2007] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."
| [CVE-2011-2005] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2011-2004] Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.
| [CVE-2011-2003] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability."
| [CVE-2011-2002] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."
| [CVE-2011-1991] Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability."
| [CVE-2011-1990] Microsoft Excel 2007 SP2
| [CVE-2011-1989] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1988] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1987] Array index error in Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1986] Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
| [CVE-2011-1985] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1984] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
| [CVE-2011-1983] Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."
| [CVE-2011-1982] Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."
| [CVE-2011-1980] Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
| [CVE-2011-1979] Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
| [CVE-2011-1978] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."
| [CVE-2011-1976] Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
| [CVE-2011-1975] Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
| [CVE-2011-1974] NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
| [CVE-2011-1972] Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
| [CVE-2011-1971] The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."
| [CVE-2011-1970] The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability."
| [CVE-2011-1968] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka "Remote Desktop Protocol Vulnerability."
| [CVE-2011-1967] Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."
| [CVE-2011-1966] The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."
| [CVE-2011-1965] Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
| [CVE-2011-1894] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
| [CVE-2011-1893] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
| [CVE-2011-1892] Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
| [CVE-2011-1888] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1887] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1885] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1884] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1883] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1882] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1881] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1880] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1879] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1878] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1877] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1876] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1875] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1874] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1873] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
| [CVE-2011-1872] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
| [CVE-2011-1871] Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of Service Vulnerability."
| [CVE-2011-1870] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability."
| [CVE-2011-1869] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."
| [CVE-2011-1868] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
| [CVE-2011-1508] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."
| [CVE-2011-1284] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutput Vulnerability."
| [CVE-2011-1283] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and write operations, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability."
| [CVE-2011-1282] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability."
| [CVE-2011-1281] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a process, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability."
| [CVE-2011-1280] The XML Editor in Microsoft InfoPath 2007 SP2 and 2010
| [CVE-2011-1279] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds WriteAV Vulnerability."
| [CVE-2011-1278] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel WriteAV Vulnerability."
| [CVE-2011-1277] Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
| [CVE-2011-1276] Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-1275] Microsoft Excel 2002 SP3
| [CVE-2011-1274] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-1273] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
10597| [CVE-2011-1272] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
10598| [CVE-2011-1270] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."
10599| [CVE-2011-1269] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
10600| [CVE-2011-1268] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."
10601| [CVE-2011-1267] The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability."
10602| [CVE-2011-1264] Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."
10603| [CVE-2011-1263] Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability."
10604| [CVE-2011-1253] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."
10605| [CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
10606| [CVE-2011-1249] The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
10607| [CVE-2011-1248] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."
10608| [CVE-2011-1247] Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."
10609| [CVE-2011-1242] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
10610| [CVE-2011-1241] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
10611| [CVE-2011-1240] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
10612| [CVE-2011-1239] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
10613| [CVE-2011-1238] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
10614| [CVE-2011-1237] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
10615| [CVE-2011-1236] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
10616| [CVE-2011-1235] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
10617| [CVE-2011-1234] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
10618| [CVE-2011-1233] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
10619| [CVE-2011-1232] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
10620| [CVE-2011-1231] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
10621| [CVE-2011-1230] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
10622| [CVE-2011-1229] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
10623| [CVE-2011-1228] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
10624| [CVE-2011-1227] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
10625| [CVE-2011-1226] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
10626| [CVE-2011-1225] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
10627| [CVE-2011-0980] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
10628| [CVE-2011-0979] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
10629| [CVE-2011-0978] Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
10630| [CVE-2011-0977] Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
10631| [CVE-2011-0976] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
10632| [CVE-2011-0677] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
10633| [CVE-2011-0676] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
10634| [CVE-2011-0675] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
10635| [CVE-2011-0674] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
10636| [CVE-2011-0672] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
10637| [CVE-2011-0671] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
10638| [CVE-2011-0670] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
10639| [CVE-2011-0667] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
10640| [CVE-2011-0666] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
10641| [CVE-2011-0665] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
10642| [CVE-2011-0664] Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."
10643| [CVE-2011-0662] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
10644| [CVE-2011-0661] The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."
10645| [CVE-2011-0660] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."
10646| [CVE-2011-0658] Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka "OLE Automation Underflow Vulnerability."
10647| [CVE-2011-0657] DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
10648| [CVE-2011-0656] Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010
10649| [CVE-2011-0655] Microsoft PowerPoint 2007 SP2 and 2010
10650| [CVE-2011-0654] Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
10651| [CVE-2011-0107] Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."
10652| [CVE-2011-0105] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
10653| [CVE-2011-0104] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability."
10654| [CVE-2011-0103] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability."
10655| [CVE-2011-0101] Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, doubly-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability."
10656| [CVE-2011-0098] Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
10657| [CVE-2011-0097] Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
10658| [CVE-2011-0096] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
10659| [CVE-2011-0093] ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
10660| [CVE-2011-0092] The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
10661| [CVE-2011-0091] Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
10662| [CVE-2011-0090] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
10663| [CVE-2011-0089] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability."
10664| [CVE-2011-0088] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability."
10665| [CVE-2011-0087] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability."
10666| [CVE-2011-0086] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."
10667| [CVE-2011-0043] Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."
10668| [CVE-2011-0042] SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."
10669| [CVE-2011-0041] Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."
| [CVE-2011-0040] The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."
| [CVE-2011-0039] The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
| [CVE-2011-0034] Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
| [CVE-2011-0033] The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."
| [CVE-2011-0032] Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."
| [CVE-2011-0031] The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."
| [CVE-2011-0030] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.
| [CVE-2011-0028] WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."
| [CVE-2010-5082] Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
| [CVE-2010-4701] Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.
| [CVE-2010-4669] The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package.
| [CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
| [CVE-2010-4398] Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
| [CVE-2010-4182] Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown
| [CVE-2010-3974] fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."
| [CVE-2010-3970] Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
| [CVE-2010-3966] Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."
| [CVE-2010-3965] Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."
| [CVE-2010-3964] Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
| [CVE-2010-3963] Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."
| [CVE-2010-3961] The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."
| [CVE-2010-3960] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."
| [CVE-2010-3959] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."
| [CVE-2010-3958] The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
| [CVE-2010-3957] Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."
| [CVE-2010-3956] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."
| [CVE-2010-3955] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."
| [CVE-2010-3954] Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."
| [CVE-2010-3946] Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."
| [CVE-2010-3945] Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."
| [CVE-2010-3944] win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
| [CVE-2010-3943] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."
| [CVE-2010-3942] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."
| [CVE-2010-3941] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability."
| [CVE-2010-3940] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."
| [CVE-2010-3939] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."
| [CVE-2010-3937] Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
| [CVE-2010-3338] The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.
| [CVE-2010-3337] Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.
| [CVE-2010-3336] Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."
| [CVE-2010-3335] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability."
| [CVE-2010-3334] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."
| [CVE-2010-3333] Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
| [CVE-2010-3332] Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
| [CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
| [CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
| [CVE-2010-3242] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."
| [CVE-2010-3241] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."
| [CVE-2010-3240] Microsoft Excel 2002 SP3 and 2007 SP2
| [CVE-2010-3239] Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."
| [CVE-2010-3238] Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
| [CVE-2010-3237] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."
| [CVE-2010-3236] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."
| [CVE-2010-3235] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."
| [CVE-2010-3234] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."
| [CVE-2010-3233] Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."
| [CVE-2010-3232] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2010-3231] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
| [CVE-2010-3230] Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
| [CVE-2010-3229] The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."
| [CVE-2010-3227] Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."
| [CVE-2010-3223] The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."
| [CVE-2010-3222] Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability."
| [CVE-2010-3221] Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."
| [CVE-2010-3220] Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."
| [CVE-2010-3219] Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."
| [CVE-2010-3218] Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."
| [CVE-2010-3217] Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."
| [CVE-2010-3216] Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."
| [CVE-2010-3215] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."
| [CVE-2010-3214] Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2010-3213] Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
| [CVE-2010-3200] MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc.
| [CVE-2010-3190] Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1
| [CVE-2010-3148] Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
| [CVE-2010-3147] Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
| [CVE-2010-3146] Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."
| [CVE-2010-3144] Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."
| [CVE-2010-3142] Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
| [CVE-2010-2750] Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."
| [CVE-2010-2748] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."
| [CVE-2010-2747] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability."
| [CVE-2010-2746] Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."
| [CVE-2010-2744] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
| [CVE-2010-2742] The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability."
| [CVE-2010-2741] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability."
| [CVE-2010-2740] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability."
| [CVE-2010-2739] Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.
| [CVE-2010-2738] The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
| [CVE-2010-2729] The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."
| [CVE-2010-2728] Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."
| [CVE-2010-2573] Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."
| [CVE-2010-2572] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
| [CVE-2010-2571] Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."
| [CVE-2010-2570] Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability."
| [CVE-2010-2569] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."
| [CVE-2010-2568] Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
| [CVE-2010-2567] The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."
| [CVE-2010-2566] The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
| [CVE-2010-2563] The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."
10770| [CVE-2010-2562] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."
10771| [CVE-2010-2555] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."
10772| [CVE-2010-2554] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
10773| [CVE-2010-2552] Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."
10774| [CVE-2010-2551] The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability."
10775| [CVE-2010-2550] The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
10776| [CVE-2010-2549] Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."
| [CVE-2010-2265] Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
| [CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
| [CVE-2010-2084] Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
| [CVE-2010-1903] Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."
| [CVE-2010-1902] Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1901] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1900] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1898] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
| [CVE-2010-1897] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
| [CVE-2010-1896] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability."
| [CVE-2010-1895] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability."
| [CVE-2010-1894] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
| [CVE-2010-1893] Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability."
| [CVE-2010-1892] The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability."
| [CVE-2010-1891] The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."
| [CVE-2010-1890] The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."
| [CVE-2010-1889] Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."
| [CVE-2010-1887] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."
| [CVE-2010-1886] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."
| [CVE-2010-1885] The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
| [CVE-2010-1883] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."
| [CVE-2010-1882] Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability."
| [CVE-2010-1881] The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."
| [CVE-2010-1880] Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
| [CVE-2010-1735] The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
| [CVE-2010-1734] The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
| [CVE-2010-1690] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
| [CVE-2010-1689] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
| [CVE-2010-1263] Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
| [CVE-2010-1257] Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2
| [CVE-2010-1255] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."
| [CVE-2010-1253] Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2
| [CVE-2010-1252] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."
| [CVE-2010-1251] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."
| [CVE-2010-1250] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability."
| [CVE-2010-1249] Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.
| [CVE-2010-1248] Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
| [CVE-2010-1247] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.
| [CVE-2010-1246] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."
| [CVE-2010-1245] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.
| [CVE-2010-1225] The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
| [CVE-2010-1175] Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."
| [CVE-2010-0917] Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
| [CVE-2010-0824] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.
| [CVE-2010-0823] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
| [CVE-2010-0822] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."
| [CVE-2010-0821] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
| [CVE-2010-0820] Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2
| [CVE-2010-0819] Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
| [CVE-2010-0818] The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability."
| [CVE-2010-0817] Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
| [CVE-2010-0815] VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."
| [CVE-2010-0814] The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
| [CVE-2010-0812] Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."
| [CVE-2010-0811] Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
| [CVE-2010-0810] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2010-0719] An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.
| [CVE-2010-0487] The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
| [CVE-2010-0486] The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
| [CVE-2010-0485] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
| [CVE-2010-0484] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."
| [CVE-2010-0483] vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
| [CVE-2010-0482] The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability."
| [CVE-2010-0481] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."
| [CVE-2010-0480] Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
| [CVE-2010-0479] Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability."
| [CVE-2010-0478] Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."
| [CVE-2010-0477] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
| [CVE-2010-0476] The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."
| [CVE-2010-0278] A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
| [CVE-2010-0270] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."
| [CVE-2010-0269] The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."
| [CVE-2010-0268] Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."
| [CVE-2010-0266] Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
| [CVE-2010-0265] Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
| [CVE-2010-0264] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
| [CVE-2010-0263] Microsoft Office Excel 2007 SP1 and SP2
| [CVE-2010-0262] Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
| [CVE-2010-0261] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."
| [CVE-2010-0260] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2
| [CVE-2010-0258] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2010-0257] Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
| [CVE-2010-0256] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
| [CVE-2010-0254] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
| [CVE-2010-0252] The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
| [CVE-2010-0250] Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."
| [CVE-2010-0249] Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4
| [CVE-2010-0243] Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."
| [CVE-2010-0242] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability."
| [CVE-2010-0241] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability."
| [CVE-2010-0240] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability."
| [CVE-2010-0239] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
| [CVE-2010-0238] Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."
10870| [CVE-2010-0237] The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."
10871| [CVE-2010-0236] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
10872| [CVE-2010-0235] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."
10873| [CVE-2010-0234] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."
10874| [CVE-2010-0233] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."
10875| [CVE-2010-0232] The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
10876| [CVE-2010-0231] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
10877| [CVE-2010-0035] The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability."
10878| [CVE-2010-0034] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability."
10879| [CVE-2010-0033] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
10880| [CVE-2010-0032] Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
10881| [CVE-2010-0031] Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."
10882| [CVE-2010-0030] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."
10883| [CVE-2010-0029] Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
10884| [CVE-2010-0028] Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
10885| [CVE-2010-0027] The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
10886| [CVE-2010-0026] The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability."
10887| [CVE-2010-0025] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
10888| [CVE-2010-0024] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
10889| [CVE-2010-0023] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability."
10890| [CVE-2010-0022] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
10891| [CVE-2010-0021] Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."
10892| [CVE-2010-0020] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."
10893| [CVE-2010-0018] Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4
10894| [CVE-2010-0017] Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."
10895| [CVE-2010-0016] The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
10896| [CVE-2009-4313] ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
10897| [CVE-2009-4312] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
10898| [CVE-2009-4311] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.
10899| [CVE-2009-4310] Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
10900| [CVE-2009-4309] Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
10901| [CVE-2009-4210] The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
10902| [CVE-2009-3830] The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
10903| [CVE-2009-3678] Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
10904| [CVE-2009-3677] The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."
10905| [CVE-2009-3676] The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
10906| [CVE-2009-3675] LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."
10907| [CVE-2009-3450] Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.
10908| [CVE-2009-3135] Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
10909| [CVE-2009-3134] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
10910| [CVE-2009-3133] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."
10911| [CVE-2009-3132] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
10912| [CVE-2009-3131] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
10913| [CVE-2009-3130] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."
10914| [CVE-2009-3129] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
10915| [CVE-2009-3128] Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
10916| [CVE-2009-3127] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."
10917| [CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
10918| [CVE-2009-3103] Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
10919| [CVE-2009-3020] win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
10920| [CVE-2009-2653] ** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.'
10921| [CVE-2009-2532] Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability."
10922| [CVE-2009-2526] Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."
10923| [CVE-2009-2524] Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (reboot) via a malformed packet, aka "Local Security Authority Subsystem Service Integer Overflow Vulnerability."
10924| [CVE-2009-2523] The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
10925| [CVE-2009-2519] The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."
10926| [CVE-2009-2517] The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
10927| [CVE-2009-2516] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."
10928| [CVE-2009-2515] Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."
10929| [CVE-2009-2514] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."
10930| [CVE-2009-2513] The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
10931| [CVE-2009-2511] Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
10932| [CVE-2009-2510] The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
10933| [CVE-2009-2509] Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability."
10934| [CVE-2009-2508] The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."
10935| [CVE-2009-2507] A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability."
10936| [CVE-2009-2506] Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3
10937| [CVE-2009-2505] The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."
10938| [CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
10939| [CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
10940| [CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
10941| [CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
10942| [CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
10943| [CVE-2009-2498] Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."
10944| [CVE-2009-2497] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
10945| [CVE-2009-2496] Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability."
10946| [CVE-2009-2495] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
10947| [CVE-2009-2494] The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."
10948| [CVE-2009-2493] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1
10949| [CVE-2009-1930] The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
10950| [CVE-2009-1929] Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2
10951| [CVE-2009-1928] Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2
10952| [CVE-2009-1926] Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."
10953| [CVE-2009-1925] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."
10954| [CVE-2009-1924] Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
10955| [CVE-2009-1923] Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."
10956| [CVE-2009-1922] The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."
10957| [CVE-2009-1546] Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
10958| [CVE-2009-1545] Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."
10959| [CVE-2009-1544] Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
10960| [CVE-2009-1542] The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
10961| [CVE-2009-1539] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
10962| [CVE-2009-1538] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
10963| [CVE-2009-1537] Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
10964| [CVE-2009-1536] ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
10965| [CVE-2009-1534] Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."
10966| [CVE-2009-1533] Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
10967| [CVE-2009-1491] McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.
10968| [CVE-2009-1216] Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA)
10969| [CVE-2009-1141] Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."
10970| [CVE-2009-1139] Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
10971| [CVE-2009-1138] The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
10972| [CVE-2009-1137] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227.
10973| [CVE-2009-1136] The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
10974| [CVE-2009-1135] Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."
10975| [CVE-2009-1134] Excel in 2007 Microsoft Office System SP1 and SP2
10976| [CVE-2009-1133] Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
10977| [CVE-2009-1132] Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability."
10978| [CVE-2009-1131] Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability."
10979| [CVE-2009-1130] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability."
10980| [CVE-2009-1129] Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128.
10981| [CVE-2009-1128] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129.
10982| [CVE-2009-1127] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
10983| [CVE-2009-1126] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."
10984| [CVE-2009-1125] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
10985| [CVE-2009-1124] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."
10986| [CVE-2009-1123] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
10987| [CVE-2009-1122] The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
10988| [CVE-2009-1043] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
10989| [CVE-2009-1011] Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
10990| [CVE-2009-0901] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1
10991| [CVE-2009-0568] The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
10992| [CVE-2009-0566] Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability."
10993| [CVE-2009-0565] Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2
10994| [CVE-2009-0563] Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
10995| [CVE-2009-0562] The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability."
10996| [CVE-2009-0561] Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
10997| [CVE-2009-0560] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
10998| [CVE-2009-0559] Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
10999| [CVE-2009-0558] Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
11000| [CVE-2009-0557] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
11001| [CVE-2009-0556] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
11002| [CVE-2009-0554] Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
11003| [CVE-2009-0553] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
11004| [CVE-2009-0552] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
11005| [CVE-2009-0551] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
11006| [CVE-2009-0550] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008
11007| [CVE-2009-0549] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
11008| [CVE-2009-0320] Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
11009| [CVE-2009-0239] Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
11010| [CVE-2009-0238] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
11011| [CVE-2009-0235] Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability."
11012| [CVE-2009-0234] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."
11013| [CVE-2009-0233] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."
11014| [CVE-2009-0232] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."
11015| [CVE-2009-0231] The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
11016| [CVE-2009-0230] The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
11017| [CVE-2009-0229] The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
11018| [CVE-2009-0228] Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
11019| [CVE-2009-0227] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.
11020| [CVE-2009-0226] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137.
11021| [CVE-2009-0225] Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability."
11022| [CVE-2009-0224] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
11023| [CVE-2009-0223] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
11024| [CVE-2009-0222] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
11025| [CVE-2009-0221] Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability."
11026| [CVE-2009-0220] Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an integer that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."
11027| [CVE-2009-0202] Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow.
11028| [CVE-2009-0102] Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
11029| [CVE-2009-0100] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
11030| [CVE-2009-0099] The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
11031| [CVE-2009-0098] Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."
11032| [CVE-2009-0097] Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."
11033| [CVE-2009-0096] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
11034| [CVE-2009-0095] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
11035| [CVE-2009-0094] The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
11036| [CVE-2009-0093] Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
11037| [CVE-2009-0091] Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
11038| [CVE-2009-0090] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
11039| [CVE-2009-0089] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
11040| [CVE-2009-0088] The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
11041| [CVE-2009-0087] Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2
11042| [CVE-2009-0086] Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
11043| [CVE-2009-0085] The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
11044| [CVE-2009-0083] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."
11045| [CVE-2009-0082] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."
11046| [CVE-2009-0081] The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."
11047| [CVE-2009-0079] The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."
11048| [CVE-2009-0078] The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."
11049| [CVE-2008-7217] Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories.
11050| [CVE-2008-6819] win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.
11051| [CVE-2008-6219] nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.
11052| [CVE-2008-6063] Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.
11053| [CVE-2008-5912] An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
11054| [CVE-2008-5823] An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property.
11055| [CVE-2008-5416] Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier
11056| [CVE-2008-5232] Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown
11057| [CVE-2008-5112] The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
11058| [CVE-2008-5100] The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
11059| [CVE-2008-5044] Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.
11060| [CVE-2008-4844] Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
11061| [CVE-2008-4841] The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
11062| [CVE-2008-4837] Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
11063| [CVE-2008-4835] SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
11064| [CVE-2008-4834] Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
11065| [CVE-2008-4493] Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
11066| [CVE-2008-4295] Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
11067| [CVE-2008-4269] The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."
11068| [CVE-2008-4268] The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."
11069| [CVE-2008-4266] Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3
11070| [CVE-2008-4265] Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."
11071| [CVE-2008-4264] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
11072| [CVE-2008-4261] Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
11073| [CVE-2008-4256] The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
11074| [CVE-2008-4255] Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
11075| [CVE-2008-4253] The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
11076| [CVE-2008-4250] The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
11077| [CVE-2008-4114] srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
11078| [CVE-2008-4110] Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
11079| [CVE-2008-4038] Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
11080| [CVE-2008-4037] Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
11081| [CVE-2008-4036] Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."
11082| [CVE-2008-4032] Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."
11083| [CVE-2008-4031] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
11084| [CVE-2008-4030] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
11085| [CVE-2008-4028] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
11086| [CVE-2008-4027] Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
11087| [CVE-2008-4026] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
11088| [CVE-2008-4025] Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
11089| [CVE-2008-4024] Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability."
11090| [CVE-2008-4023] Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
11091| [CVE-2008-4019] Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
11092| [CVE-2008-3956] orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.
11093| [CVE-2008-3704] Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
11094| [CVE-2008-3648] nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
11095| [CVE-2008-3636] Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
11096| [CVE-2008-3479] Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
11097| [CVE-2008-3477] Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
11098| [CVE-2008-3471] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
11099| [CVE-2008-3466] Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
11100| [CVE-2008-3465] Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."
11101| [CVE-2008-3464] afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
11102| [CVE-2008-3460] WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
11103| [CVE-2008-3068] Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
11104| [CVE-2008-3021] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
11105| [CVE-2008-3020] Microsoft Office 2000 SP3 and XP SP3
11106| [CVE-2008-3019] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
11107| [CVE-2008-3018] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
11108| [CVE-2008-3015] Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
11109| [CVE-2008-3014] Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
11110| [CVE-2008-3013] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
11111| [CVE-2008-3012] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
11112| [CVE-2008-3009] Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
11113| [CVE-2008-3007] Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."
11114| [CVE-2008-3006] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
11115| [CVE-2008-3005] Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
11116| [CVE-2008-3004] Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3
11117| [CVE-2008-3003] Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
11118| [CVE-2008-2752] Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.
11119| [CVE-2008-2540] Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
11120| [CVE-2008-2463] The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
11121| [CVE-2008-2252] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
11122| [CVE-2008-2251] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.
11123| [CVE-2008-2250] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."
11124| [CVE-2008-2249] Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
11125| [CVE-2008-2246] Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
11126| [CVE-2008-2245] Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
11127| [CVE-2008-2244] Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
11128| [CVE-2008-1898] A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
11129| [CVE-2008-1888] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
11130| [CVE-2008-1547] Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
11131| [CVE-2008-1457] The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
11132| [CVE-2008-1456] Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
11133| [CVE-2008-1455] A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1
11134| [CVE-2008-1454] Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
11135| [CVE-2008-1451] The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
11136| [CVE-2008-1446] Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
11137| [CVE-2008-1445] Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
11138| [CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
11139| [CVE-2008-1441] Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
11140| [CVE-2008-1440] Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
11141| [CVE-2008-1436] Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
11142| [CVE-2008-1435] Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
11143| [CVE-2008-1434] Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
11144| [CVE-2008-1092] Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
11145| [CVE-2008-1091] Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
11146| [CVE-2008-1090] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
11147| [CVE-2008-1089] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
11148| [CVE-2008-1088] Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
11149| [CVE-2008-1087] Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
11150| [CVE-2008-1086] The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
11151| [CVE-2008-1084] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
11152| [CVE-2008-1083] Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
11153| [CVE-2008-0121] A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
11154| [CVE-2008-0120] Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."
11155| [CVE-2008-0119] Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
11156| [CVE-2008-0118] Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
11157| [CVE-2008-0117] Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
11158| [CVE-2008-0116] Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."
11159| [CVE-2008-0115] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
11160| [CVE-2008-0114] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
11161| [CVE-2008-0113] Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."
11162| [CVE-2008-0112] Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
11163| [CVE-2008-0111] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."
11164| [CVE-2008-0110] Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
11165| [CVE-2008-0109] Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
11166| [CVE-2008-0108] Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
11167| [CVE-2008-0106] Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
11168| [CVE-2008-0105] Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
11169| [CVE-2008-0104] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
11170| [CVE-2008-0103] Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
11171| [CVE-2008-0102] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
11172| [CVE-2008-0088] Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
11173| [CVE-2008-0087] The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
11174| [CVE-2008-0086] Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
11175| [CVE-2008-0083] The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
11176| [CVE-2008-0081] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
11177| [CVE-2008-0080] Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
11178| [CVE-2008-0020] Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.
11179| [CVE-2008-0015] Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
11180| [CVE-2008-0011] Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
11181| [CVE-2007-6753] Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.
11182| [CVE-2007-6357] Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.
11183| [CVE-2007-6329] Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
11184| [CVE-2007-6043] The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
11185| [CVE-2007-6026] Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
11186| [CVE-2007-5587] Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
11187| [CVE-2007-5352] Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
11188| [CVE-2007-5348] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
11189| [CVE-2007-4991] The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.
11190| [CVE-2007-4916] Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
11191| [CVE-2007-4814] Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
11192| [CVE-2007-3930] Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
11193| [CVE-2007-3924] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape
11194| [CVE-2007-3899] Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."
11195| [CVE-2007-3898] The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
11196| [CVE-2007-3896] The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
11197| [CVE-2007-3890] Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
11198| [CVE-2007-3670] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
11199| [CVE-2007-3490] Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.
11200| [CVE-2007-3300] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.
11201| [CVE-2007-3040] Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.
11202| [CVE-2007-3039] Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
11203| [CVE-2007-3036] Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
11204| [CVE-2007-3034] Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
11205| [CVE-2007-3030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".
11206| [CVE-2007-3029] Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
11207| [CVE-2007-3028] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
11208| [CVE-2007-2999] Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
11209| [CVE-2007-2967] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
11210| [CVE-2007-2966] Buffer overflow in the LHA decompresion component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.
11211| [CVE-2007-2903] Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
11212| [CVE-2007-2593] The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
11213| [CVE-2007-2581] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.
11214| [CVE-2007-2374] Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
11215| [CVE-2007-2228] rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
11216| [CVE-2007-2224] Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.
11217| [CVE-2007-2221] Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
11218| [CVE-2007-2219] Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
11219| [CVE-2007-2218] Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
11220| [CVE-2007-2217] Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
| [CVE-2007-1911] Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.
| [CVE-2007-1910] Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.
| [CVE-2007-1765] Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038
| [CVE-2007-1756] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".
| [CVE-2007-1754] PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".
| [CVE-2007-1748] Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
| [CVE-2007-1747] Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.
| [CVE-2007-1645] Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
| [CVE-2007-1537] \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.
| [CVE-2007-1512] Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.
| [CVE-2007-1347] Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
| [CVE-2007-1239] Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.
| [CVE-2007-1238] Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.
| [CVE-2007-1215] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
| [CVE-2007-1214] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
| [CVE-2007-1213] The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
| [CVE-2007-1212] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
| [CVE-2007-1211] Unspecified kernel GDI functions in Microsoft Windows 2000 SP4
| [CVE-2007-1205] Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
| [CVE-2007-1203] Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
| [CVE-2007-1202] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."
| [CVE-2007-1201] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
| [CVE-2007-1117] Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
| [CVE-2007-1090] Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.
| [CVE-2007-1083] Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
| [CVE-2007-0948] Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
| [CVE-2007-0947] Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
| [CVE-2007-0946] Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
| [CVE-2007-0945] Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4
| [CVE-2007-0944] Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
| [CVE-2007-0942] Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
| [CVE-2007-0940] Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
| [CVE-2007-0939] Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
| [CVE-2007-0938] Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
| [CVE-2007-0936] Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
| [CVE-2007-0934] Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
| [CVE-2007-0913] Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
| [CVE-2007-0870] Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.
| [CVE-2007-0843] The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
| [CVE-2007-0811] Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
| [CVE-2007-0671] Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
| [CVE-2007-0612] Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll
| [CVE-2007-0515] Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.
| [CVE-2007-0351] Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.
| [CVE-2007-0221] Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."
| [CVE-2007-0220] Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
| [CVE-2007-0216] wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
| [CVE-2007-0215] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.
| [CVE-2007-0214] The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
| [CVE-2007-0213] Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
| [CVE-2007-0211] The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
| [CVE-2007-0209] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.
| [CVE-2007-0208] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.
| [CVE-2007-0069] Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
| [CVE-2007-0066] The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
| [CVE-2007-0065] Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
| [CVE-2007-0064] Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
| [CVE-2007-0043] The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
| [CVE-2007-0042] Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
| [CVE-2007-0041] The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
| [CVE-2007-0040] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
| [CVE-2007-0039] The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
| [CVE-2007-0038] Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765
| [CVE-2007-0035] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
| [CVE-2007-0034] Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."
| [CVE-2007-0033] Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
| [CVE-2007-0031] Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.
| [CVE-2007-0030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.
| [CVE-2007-0029] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."
| [CVE-2007-0028] Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.
| [CVE-2007-0027] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
| [CVE-2007-0026] The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
| [CVE-2007-0025] The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
| [CVE-2007-0024] Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
| [CVE-2006-7210] Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
| [CVE-2006-7192] Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
| [CVE-2006-7027] Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.
| [CVE-2006-6723] The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.
| [CVE-2006-6696] Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
| [CVE-2006-6617] projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
| [CVE-2006-6561] Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.
| [CVE-2006-6456] Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.
| [CVE-2006-6296] The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
| [CVE-2006-6134] Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
| [CVE-2006-6133] Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
| [CVE-2006-5994] Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.
| [CVE-2006-5758] The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
| [CVE-2006-5586] The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
| [CVE-2006-5585] The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
| [CVE-2006-5584] The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
| [CVE-2006-5583] Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
| [CVE-2006-5574] Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.
| [CVE-2006-5296] PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.
| [CVE-2006-4854] ** REJECT ** Unspecified vulnerability in Microsoft Office 2000 (Chinese Edition) and Microsoft PowerPoint 2000 (Chinese Edition) allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as Trojan.PPDropper.E. NOTE: on 20060919, Microsoft notified CVE that this is a duplicate of CVE-2006-0009.
| [CVE-2006-4704] Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
| [CVE-2006-4702] Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
| [CVE-2006-4696] Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
| [CVE-2006-4695] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
| [CVE-2006-4694] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
| [CVE-2006-4693] Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.
| [CVE-2006-4692] Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
| [CVE-2006-4691] Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
| [CVE-2006-4689] Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
| [CVE-2006-4688] Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
| [CVE-2006-4534] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.
| [CVE-2006-4495] Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
| [CVE-2006-4274] ** REJECT ** Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as TROJ_MDROPPER.BH. NOTE: on 20060822, it was determined that TROJ_MDROPPER.BH was exploiting CVE-2006-0009, so this is not a new vulnerability.
| [CVE-2006-4219] The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
| [CVE-2006-4183] Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.
| [CVE-2006-4071] Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
| [CVE-2006-3992] Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption.
| [CVE-2006-3942] The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research
| [CVE-2006-3897] Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
| [CVE-2006-3880] ** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."
| [CVE-2006-3877] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
| [CVE-2006-3876] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
11337| [CVE-2006-3875] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867.
11338| [CVE-2006-3873] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
11339| [CVE-2006-3869] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
11340| [CVE-2006-3868] Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.
11341| [CVE-2006-3867] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875.
11342| [CVE-2006-3864] Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
11343| [CVE-2006-3841] Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.
11344| [CVE-2006-3660] Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different.
11345| [CVE-2006-3656] Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
11346| [CVE-2006-3655] Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
11347| [CVE-2006-3652] Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties.
11348| [CVE-2006-3651] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.
11349| [CVE-2006-3650] Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.
11350| [CVE-2006-3649] Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
11351| [CVE-2006-3648] Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."
11352| [CVE-2006-3647] Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.
11353| [CVE-2006-3643] Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
11354| [CVE-2006-3590] mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.
11355| [CVE-2006-3510] The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
11356| [CVE-2006-3493] Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
11357| [CVE-2006-3449] Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
11358| [CVE-2006-3448] Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.
11359| [CVE-2006-3445] Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.
11360| [CVE-2006-3444] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
11361| [CVE-2006-3443] Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
11362| [CVE-2006-3441] Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
11363| [CVE-2006-3440] Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
11364| [CVE-2006-3439] Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
11365| [CVE-2006-3436] Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
11366| [CVE-2006-3435] PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
11367| [CVE-2006-3434] Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.
11368| [CVE-2006-3431] Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.
11369| [CVE-2006-3059] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
11370| [CVE-2006-2492] Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
11371| [CVE-2006-2389] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.
11372| [CVE-2006-2388] Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.
11373| [CVE-2006-2387] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875.
11374| [CVE-2006-2380] Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
11375| [CVE-2006-2379] Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
11376| [CVE-2006-2378] Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
11377| [CVE-2006-2374] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
11378| [CVE-2006-2373] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
11379| [CVE-2006-2372] Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
11380| [CVE-2006-2371] Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
11381| [CVE-2006-2370] Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
11382| [CVE-2006-2334] The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
11383| [CVE-2006-2094] Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
11384| [CVE-2006-2055] Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
11385| [CVE-2006-1654] Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
11386| [CVE-2006-1651] ** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol."
11387| [CVE-2006-1540] MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll
11388| [CVE-2006-1316] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389.
11389| [CVE-2006-1315] The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
11390| [CVE-2006-1314] Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.
11391| [CVE-2006-1313] Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
11392| [CVE-2006-1311] The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1
11393| [CVE-2006-1309] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.
11394| [CVE-2006-1308] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.
11395| [CVE-2006-1306] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."
11396| [CVE-2006-1305] Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.
11397| [CVE-2006-1304] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
11398| [CVE-2006-1302] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."
11399| [CVE-2006-1301] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.
11400| [CVE-2006-1300] Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
11401| [CVE-2006-1257] The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.
11402| [CVE-2006-1193] Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
11403| [CVE-2006-1184] Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
11404| [CVE-2006-0988] The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
11405| [CVE-2006-0935] Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.
11406| [CVE-2006-0187] By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.
11407| [CVE-2006-0034] Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.
11408| [CVE-2006-0033] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.
11409| [CVE-2006-0032] Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
11410| [CVE-2006-0031] Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.
11411| [CVE-2006-0030] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.
11412| [CVE-2006-0029] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
11413| [CVE-2006-0028] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.
11414| [CVE-2006-0023] Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.
11415| [CVE-2006-0022] Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
11416| [CVE-2006-0021] Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
11417| [CVE-2006-0020] An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
11418| [CVE-2006-0015] Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
11419| [CVE-2006-0013] Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
11420| [CVE-2006-0012] Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
11421| [CVE-2006-0010] Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
11422| [CVE-2006-0009] Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
11423| [CVE-2006-0008] The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.
11424| [CVE-2006-0007] Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.
11425| [CVE-2006-0006] Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
11426| [CVE-2006-0004] Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
11427| [CVE-2006-0002] Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
11428| [CVE-2006-0001] Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
11429| [CVE-2005-4717] Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
11430| [CVE-2005-4269] mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
11431| [CVE-2005-4131] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.
11432| [CVE-2005-3981] ** DISPUTED ** NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.
11433| [CVE-2005-3945] The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.
11434| [CVE-2005-3644] PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
11435| [CVE-2005-3177] CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed.
11436| [CVE-2005-3176] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.
11437| [CVE-2005-3175] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.
11438| [CVE-2005-3174] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
11439| [CVE-2005-3173] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
11440| [CVE-2005-3172] The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks.
11441| [CVE-2005-3171] Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings.
11442| [CVE-2005-3170] The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.
11443| [CVE-2005-3169] Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection.
11444| [CVE-2005-3168] The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template.
11445| [CVE-2005-2122] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.
11446| [CVE-2005-2120] Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
11447| [CVE-2005-2118] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
11448| [CVE-2005-2117] Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
11449| [CVE-2005-1985] The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
11450| [CVE-2005-1984] Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.
11451| [CVE-2005-1983] Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
11452| [CVE-2005-1982] Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
11453| [CVE-2005-1981] Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
11454| [CVE-2005-1907] The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic.
11455| [CVE-2005-1683] Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.
11456| [CVE-2005-1218] The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
11457| [CVE-2005-1216] Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.
11458| [CVE-2005-1215] Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.
11459| [CVE-2005-1208] Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
11460| [CVE-2005-1207] Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.
11461| [CVE-2005-1206] Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
11462| [CVE-2005-1205] The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
11463| [CVE-2005-1052] Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.
11464| [CVE-2005-0921] Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy.
11465| [CVE-2005-0820] Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
11466| [CVE-2005-0738] Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.
11467| [CVE-2005-0564] Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
11468| [CVE-2005-0558] Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.
11469| [CVE-2005-0551] Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
11470| [CVE-2005-0550] Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
11471| [CVE-2005-0545] Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.
11472| [CVE-2005-0063] The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
11473| [CVE-2005-0061] The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
11474| [CVE-2005-0060] Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.
11475| [CVE-2005-0059] Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
11476| [CVE-2005-0058] Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.
11477| [CVE-2005-0048] Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
11478| [CVE-2004-2527] The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
11479| [CVE-2004-2482] Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.
11480| [CVE-2004-2365] Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.
11481| [CVE-2004-2339] ** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed.
11482| [CVE-2004-1080] The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
11483| [CVE-2004-0963] Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.
11484| [CVE-2004-0897] The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
11485| [CVE-2004-0892] Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
11486| [CVE-2004-0846] Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
11487| [CVE-2004-0840] The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
11488| [CVE-2004-0728] The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
11489| [CVE-2004-0726] The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.
11490| [CVE-2004-0575] Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
11491| [CVE-2004-0574] The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
11492| [CVE-2004-0573] Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
11493| [CVE-2004-0540] Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
11494| [CVE-2004-0503] Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502.
11495| [CVE-2004-0379] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts.
11496| [CVE-2004-0284] Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
11497| [CVE-2004-0214] Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
11498| [CVE-2004-0211] The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
11499| [CVE-2004-0210] The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
11500| [CVE-2004-0209] Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
11501| [CVE-2004-0208] The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
11502| [CVE-2004-0207] "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.
11503| [CVE-2004-0206] Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
11504| [CVE-2004-0204] Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
11505| [CVE-2004-0202] IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
11506| [CVE-2004-0201] Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
11507| [CVE-2004-0199] Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
11508| [CVE-2004-0124] The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
11509| [CVE-2004-0121] Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
11510| [CVE-2004-0120] The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
11511| [CVE-2004-0116] An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
11512| [CVE-2003-1378] Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
11513| [CVE-2003-1106] The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.
11514| [CVE-2003-0908] The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
11515| [CVE-2003-0906] Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
11516| [CVE-2003-0904] Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
11517| [CVE-2003-0839] Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
11518| [CVE-2003-0825] The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
11519| [CVE-2003-0824] Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
11520| [CVE-2003-0822] Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
11521| [CVE-2003-0821] Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
11522| [CVE-2003-0820] Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
11523| [CVE-2003-0819] Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
11524| [CVE-2003-0818] Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
11525| [CVE-2003-0807] Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
11526| [CVE-2003-0806] Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
11527| [CVE-2003-0719] Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
11528| [CVE-2003-0665] Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
11529| [CVE-2003-0664] Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
11530| [CVE-2003-0662] Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
11531| [CVE-2003-0660] The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval.
11532| [CVE-2003-0533] Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
11533| [CVE-2003-0526] Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
11534| [CVE-2003-0506] Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation.
11535| [CVE-2003-0505] Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.
11536| [CVE-2003-0496] Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
11537| [CVE-2003-0352] Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
11538| [CVE-2003-0345] Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
11539| [CVE-2003-0232] Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
11540| [CVE-2003-0231] Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
11541| [CVE-2003-0230] Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
11542| [CVE-2003-0227] The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
11543| [CVE-2003-0118] SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
11544| [CVE-2003-0117] Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.
11545| [CVE-2003-0110] The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
11546| [CVE-2003-0109] Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
11547| [CVE-2003-0011] Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
11548| [CVE-2003-0007] Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."
11549| [CVE-2003-0003] Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
11550| [CVE-2003-0002] Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
11551| [CVE-2002-2101] Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
11552| [CVE-2002-2100] Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
11553| [CVE-2002-1984] Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
11554| [CVE-2002-1981] Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
11555| [CVE-2002-1933] The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window.
11556| [CVE-2002-1932] Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
11557| [CVE-2002-1876] Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
11558| [CVE-2002-1873] Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
11559| [CVE-2002-1872] Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
11560| [CVE-2002-1776] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed.
11561| [CVE-2002-1712] Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
11562| [CVE-2002-1256] The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
11563| [CVE-2002-1255] Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."
11564| [CVE-2002-1214] Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
11565| [CVE-2002-1184] The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
11566| [CVE-2002-1145] The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
11567| [CVE-2002-1141] An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
11568| [CVE-2002-1140] The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
11569| [CVE-2002-1138] Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
11570| [CVE-2002-1137] Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
11571| [CVE-2002-1123] Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
11572| [CVE-2002-1117] Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
11573| [CVE-2002-1056] Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
11574| [CVE-2002-0982] Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.
11575| [CVE-2002-0975] Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter.
11576| [CVE-2002-0863] Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
11577| [CVE-2002-0861] Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.
11578| [CVE-2002-0860] The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
11579| [CVE-2002-0859] Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
11580| [CVE-2002-0729] Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
11581| [CVE-2002-0727] The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
11582| [CVE-2002-0724] Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
11583| [CVE-2002-0721] Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
11584| [CVE-2002-0719] SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.
11585| [CVE-2002-0718] Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."
11586| [CVE-2002-0700] Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
11587| [CVE-2002-0699] Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.
11588| [CVE-2002-0695] Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
11589| [CVE-2002-0694] The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
11590| [CVE-2002-0693] Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
11591| [CVE-2002-0692] Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
11592| [CVE-2002-0650] The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.
11593| [CVE-2002-0649] Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
11594| [CVE-2002-0645] SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.
11595| [CVE-2002-0644] Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
11596| [CVE-2002-0643] The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."
11597| [CVE-2002-0642] The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
11598| [CVE-2002-0641] Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
11599| [CVE-2002-0624] Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
11600| [CVE-2002-0623] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".
11601| [CVE-2002-0622] The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
11602| [CVE-2002-0621] Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.
11603| [CVE-2002-0620] Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API.
11604| [CVE-2002-0619] The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
11605| [CVE-2002-0618] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
11606| [CVE-2002-0617] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
11607| [CVE-2002-0616] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
11608| [CVE-2002-0597] LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.
11609| [CVE-2002-0444] Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
11610| [CVE-2002-0443] Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
11611| [CVE-2002-0373] The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
11612| [CVE-2002-0371] Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
11613| [CVE-2002-0368] The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."
11614| [CVE-2002-0224] The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
11615| [CVE-2002-0187] Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
11616| [CVE-2002-0186] Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
11617| [CVE-2002-0154] Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
11618| [CVE-2002-0152] Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
11619| [CVE-2002-0055] SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
11620| [CVE-2002-0054] SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
11621| [CVE-2002-0050] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.
11622| [CVE-2002-0049] Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
11623| [CVE-2002-0034] The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
11624| [CVE-2002-0018] In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.
11625| [CVE-2001-1533] ** DISPUTED * Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE.
11626| [CVE-2001-1451] Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests.
11627| [CVE-2001-1319] Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
11628| [CVE-2001-1099] The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
11629| [CVE-2001-0986] SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
11630| [CVE-2001-0718] Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.
11631| [CVE-2001-0666] Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
11632| [CVE-2001-0658] Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.
11633| [CVE-2001-0628] Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
11634| [CVE-2001-0547] Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
11635| [CVE-2001-0546] Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.
11636| [CVE-2001-0542] Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
11637| [CVE-2001-0538] Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
11638| [CVE-2001-0509] Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
11639| [CVE-2001-0505] Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.
11640| [CVE-2001-0504] Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activites such as mail relaying.
11641| [CVE-2001-0501] Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.
11642| [CVE-2001-0351] Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
11643| [CVE-2001-0350] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
11644| [CVE-2001-0349] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
11645| [CVE-2001-0348] Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
11646| [CVE-2001-0347] Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
11647| [CVE-2001-0346] Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
11648| [CVE-2001-0345] Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
11649| [CVE-2001-0344] An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
11650| [CVE-2001-0340] An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
11651| [CVE-2001-0261] Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
11652| [CVE-2001-0245] Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
11653| [CVE-2001-0244] Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.
11654| [CVE-2001-0240] Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.
11655| [CVE-2001-0239] Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
11656| [CVE-2001-0237] Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
11657| [CVE-2001-0146] IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
11658| [CVE-2001-0048] The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability.
11659| [CVE-2001-0005] Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
11660| [CVE-2001-0003] Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
11661| [CVE-2000-1218] The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
11662| [CVE-2000-1217] Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability.
11663| [CVE-2000-1209] The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
11664| [CVE-2000-1139] The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
11665| [CVE-2000-1088] The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
11666| [CVE-2000-1087] The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
11667| [CVE-2000-1086] The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
11668| [CVE-2000-1085] The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
11669| [CVE-2000-1079] Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
11670| [CVE-2000-0942] The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
11671| [CVE-2000-0854] When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
11672| [CVE-2000-0771] Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
11673| [CVE-2000-0765] Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
11674| [CVE-2000-0756] Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
11675| [CVE-2000-0710] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
11676| [CVE-2000-0709] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
11677| [CVE-2000-0637] Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.
11678| [CVE-2000-0621] Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
11679| [CVE-2000-0597] Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
11680| [CVE-2000-0331] Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
11681| [CVE-2000-0277] Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.
11682| [CVE-2013-2557] The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
11683| [CVE-2013-2556] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
11684| [CVE-2013-2554] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787.
11685| [CVE-2013-2553] Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912.
11686| [CVE-2013-2552] Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
11687| [CVE-2013-2551] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
11688| [CVE-2013-1347] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
11689| [CVE-2013-1305] HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
11690| [CVE-2013-1290] Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
11691| [CVE-2013-1289] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
11692| [CVE-2013-1284] Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
11693| [CVE-2013-0096] Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."
11694| [CVE-2013-0086] Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
11695| [CVE-2013-0085] Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
11696| [CVE-2013-0084] Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."
11697| [CVE-2013-0083] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."
11698| [CVE-2013-0080] Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."
11699| [CVE-2013-0079] Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
11700| [CVE-2013-0005] The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
11701| [CVE-2012-4969] Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
11702| [CVE-2012-4792] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
11703| [CVE-2012-3456] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
11704| [CVE-2012-3455] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
11705| [CVE-2012-2290] The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel.
11706| [CVE-2012-2284] The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors.
11707| [CVE-2012-1945] Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.
11708| [CVE-2012-1894] Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability."
11709| [CVE-2012-1892] Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
11710| [CVE-2012-1891] Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
11711| [CVE-2012-1888] Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."
11712| [CVE-2012-1876] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
11713| [CVE-2012-1861] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
11714| [CVE-2012-1859] Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
11715| [CVE-2012-1857] Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."
11716| [CVE-2012-1849] Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."
11717| [CVE-2012-1545] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
11718| [CVE-2012-1436] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
11719| [CVE-2012-1435] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
11720| [CVE-2012-1434] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
11721| [CVE-2012-1433] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
11722| [CVE-2012-0447] Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.
11723| [CVE-2012-0147] Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."
11724| [CVE-2012-0146] Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."
11725| [CVE-2012-0145] Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
11726| [CVE-2012-0144] Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
11727| [CVE-2012-0138] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.
11728| [CVE-2012-0137] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138.
11729| [CVE-2012-0136] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138.
11730| [CVE-2012-0020] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
11731| [CVE-2012-0019] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
11732| [CVE-2012-0018] Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."
11733| [CVE-2012-0017] Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
11734| [CVE-2011-4695] Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
11735| [CVE-2011-2012] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."
11736| [CVE-2011-2010] The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."
11737| [CVE-2011-1969] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."
11738| [CVE-2011-1897] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."
11739| [CVE-2011-1896] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."
11740| [CVE-2011-1895] CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
11741| [CVE-2011-1891] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
11742| [CVE-2011-1890] Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
11743| [CVE-2011-1889] The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
11744| [CVE-2011-1417] Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
| [CVE-2011-1347] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
| [CVE-2011-1346] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
| [CVE-2011-1345] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
| [CVE-2011-1265] The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."
| [CVE-2011-0653] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
| [CVE-2011-0647] The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.
| [CVE-2011-0627] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
| [CVE-2011-0037] Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
| [CVE-2011-0027] Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
| [CVE-2011-0026] Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
| [CVE-2010-4643] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
| [CVE-2010-4253] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.
| [CVE-2010-4121] ** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only."
| [CVE-2010-3967] Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."
| [CVE-2010-3962] Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
| [CVE-2010-3936] Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."
| [CVE-2010-3889] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers.
| [CVE-2010-3888] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.
| [CVE-2010-3497] Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."
| [CVE-2010-3454] Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
| [CVE-2010-3453] The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
| [CVE-2010-3141] Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.
| [CVE-2010-2743] The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
| [CVE-2010-2734] Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability."
| [CVE-2010-2733] Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."
| [CVE-2010-2732] Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."
| [CVE-2010-2564] Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
| [CVE-2010-1184] The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2.
| [CVE-2010-1118] Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
| [CVE-2010-1117] Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
| [CVE-2010-0806] Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
| [CVE-2010-0716] _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2008-5750] Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
| [CVE-2008-5556] ** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
| [CVE-2008-5555] Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
| [CVE-2008-5554] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
| [CVE-2008-5553] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
| [CVE-2008-5552] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
| [CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
| [CVE-2008-5180] Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
| [CVE-2008-4211] Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
| [CVE-2007-5351] Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
| [CVE-2007-2729] Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
| [CVE-2007-1534] DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.
| [CVE-2007-0341] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
| [CVE-2006-5559] The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
| [CVE-2006-4686] Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
| [CVE-2006-4685] The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
| [CVE-2006-1359] Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
| [CVE-2006-0761] Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchangem, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device.
| [CVE-2006-0753] Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
| [CVE-2006-0544] urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash of hyphen) characters.
| [CVE-2006-0003] Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
| [CVE-2005-1929] Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.
| [CVE-2005-0852] Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.
| [CVE-2004-1322] Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages.
| [CVE-2003-1306] Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
| [CVE-2003-0903] Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
| [CVE-2003-0353] Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
| [CVE-2002-1918] Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
| [CVE-2002-1142] Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
| [CVE-2002-1015] RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
| [CVE-2002-0697] Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
| [CVE-2002-0057] XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
| [CVE-2001-1218] Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
| [CVE-2000-0563] The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
| [CVE-1999-1097] Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [83154] Microsoft Windows 2000 Server CVE-2004-0540 Remote Security Vulnerability
| [45297] Microsoft Exchange Server 2007 Infinite Loop Remote Denial of Service Vulnerability
| [43419] Microsoft Excel 2002 Memory Corruption Vulnerability
| [43189] Microsoft Visual C++ 2008 Redistributable Package DLL Loading Arbitrary Code Execution Vulnerability
| [42742] Microsoft PowerPoint 2007 Multiple DLL Loading Arbitrary Code Execution Vulnerability
| [42695] Microsoft Groove 2007 'mso.dll' DLL Loading Arbitrary Code Execution Vulnerability
| [42681] Microsoft Visio 2003 'mfc71enu.dll' DLL Loading Arbitrary Code Execution Vulnerability
| [41843] Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability
| [39776] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
| [37196] RETIRED: Microsoft December 2009 Advance Notification Multiple Vulnerabilities
| [36940] RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
| [36633] RETIRED: Microsoft October 2009 Advance Notification Multiple Vulnerabilities
| [36239] RETIRED: Microsoft September 2009 Advance Notification Multiple Vulnerabilities
| [35974] RETIRED: Microsoft August 2009 Advance Notification Multiple Vulnerabilities
| [35617] RETIRED: Microsoft July 2009 Advance Notification Multiple Vulnerabilities
| [35213] RETIRED: Microsoft June 2009 Advance Notification Multiple Vulnerabilities
| [34867] RETIRED: Microsoft May 2009 Advance Notification Multiple Vulnerabilities
| [34532] Microsoft IAG 2007 ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities
| [34469] Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
| [34450] RETIRED: Microsoft April 2009 Advance Notification Multiple Vulnerabilities
| [34005] RETIRED: Microsoft March 2009 Advance Notification Multiple Vulnerabilities
| [33639] RETIRED: Microsoft February 2009 Advance Notification Multiple Vulnerabilities
| [33170] RETIRED: Microsoft January 2009 Advance Notification Multiple Vulnerabilities
| [32632] RETIRED: Microsoft December 2008 Advance Notification Multiple Vulnerabilities
| [32153] Retired: Microsoft November 2008 Advance Notification Multiple Vulnerabilities
| [31667] Retired: Microsoft October 2008 Advance Notification Multiple Vulnerabilities
| [31129] RETIRED: Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
| [31014] RETIRED: Microsoft September 2008 Advance Notification Multiple Vulnerabilities
| [30593] RETIRED: Microsoft August 2008 Advance Notification Multiple Vulnerabilities
| [30075] RETIRED: Microsoft July 2008 Advance Notification Multiple Vulnerabilities
| [29576] RETIRED: Microsoft June 2008 Advance Notification Multiple Vulnerabilities
| [29108] RETIRED: Microsoft May 2008 Advance Notification Multiple Vulnerabilities
| [28598] RETIRED: Microsoft April 2008 Advance Notification Multiple Vulnerabilities
| [28124] Retired: Microsoft March 2008 Advance Notification Multiple Vulnerabilities
| [27674] RETIRED: Microsoft February 2008 Advance Notification Multiple Vulnerabilities
| [27119] RETIRED: Microsoft January 2008 Advance Notification Multiple Vulnerabilities
| [26739] RETIRED: Microsoft December 2007 Advance Notification Multiple Vulnerabilities
| [26414] Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerabilities
| [26380] Retired: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
| [25991] RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
| [25922] RETIRED: Microsoft October 2007 Advance Notification Multiple Vulnerabilities
| [25573] RETIRED: Microsoft September 2007 Advance Notification Multiple Vulnerabilities
| [25247] Retired: Microsoft August 2007 Advance Notification Multiple Vulnerabilities
| [24771] Retired: Microsoft July 2007 Advance Notification Multiple Vulnerabilities
| [24366] RETIRED: Microsoft June 2007 Advance Notification Multiple Vulnerabilities
| [24118] Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
| [23800] RETIRED: Microsoft May 2007 Advance Notification Multiple Vulnerabilities
| [23380] Microsoft Word 2007 WWLib.DLL Unspecified Document File Buffer Overflow Vulnerability
| [23335] RETIRED: Microsoft April 2007 Advance Notification Multiple Vulnerabilities
| [22716] Microsoft Office 2003 Denial of Service Vulnerability
| [22567] Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability
| [22328] RETIRED: Microsoft Word 2003 Unspecified Code Execution Vulnerability
| [22225] Microsoft Word 2000 Malformed Function Code Execution Vulnerability
| [21611] Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
| [21495] Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability
| [20843] Microsoft Visual Studio 2005 WMI Object Broker Remote Code Execution Vulnerability
| [19636] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
| [19388] Microsoft Windows 2000 Kernel Local Privilege Escalation Vulnerability
| [17134] Microsoft Commerce Server 2002 Authentication Bypass Vulnerability
| [16634] Microsoft PowerPoint 2000 Remote Information Disclosure Vulnerability
| [14772] Microsoft Exchange Server 2003 Exchange Information Store Denial Of Service Vulnerability
| [14093] Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
| [13564] Microsoft SQL Server 2000 Multiple Vulnerabilities
| [13008] Microsoft Windows Server 2003 SMB Redirector Local Denial Of Service Vulnerability
| [12972] Microsoft Windows Server 2003 Service Pack 1 Released - Multiple Vulnerabilities Fixed
| [12913] Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy Bypass Vulnerability
| [12824] Microsoft InfoPath 2003 Insecure Information Storage Vulnerability
| [12641] Microsoft Windows 2000 Group Policy Bypass Vulnerability
| [12141] Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
| [11820] Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities
| [11446] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
| [11387] Microsoft Windows 2003 Services Default SACL Access Right Weakness
| [10901] Microsoft Windows 2000/XP CRL File Failed Integrity Check Denial Of Service Vulnerability
| [10693] Microsoft Windows 2000 Media Player Control Media Preview Script Execution Vulnerability
| [10484] Microsoft ISA Server 2000 FTP Bounce Filtering Vulnerability
| [10480] Microsoft ISA Server 2000 Site And Content Rule Bypass Vulnerability
| [10440] Microsoft Windows 2000 Domain Expired Account Security Policy Violation Weakness
| [10369] Microsoft Outlook 2003 Media File Script Execution Vulnerability
| [10307] Microsoft Outlook 2003 Predictable File Location Weakness
| [10114] Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
| [9409] Microsoft Exchange Server 2003 Outlook Web Access Random Mailbox Access Vulnerability
| [9408] Microsoft ISA Server 2000 H.323 Filter Remote Buffer Overflow Vulnerability
| [9118] Microsoft Exchange Server 2003 Outlook Web Access Lowered Security Settings Weakness
| [8833] Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer Overflow Vulnerability
| [8522] Multiple Microsoft Windows 2003 Stack Protection Implementation Weaknesses
| [8397] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
| [8104] Microsoft Windows 2000 Unauthorized RPC Connection Weakness
| [8098] Microsoft Windows 2000 Terminal Services Named Pipe System Account Access Vulnerability
| [8093] Microsoft Windows 2000 Active Directory Forest Origin Validation Vulnerability
| [8090] Microsoft Windows 2000 ShellExecute() Buffer Overflow Vulnerability
| [8089] Microsoft Windows 2000 Unspecified Cryptnet.DLL Memory Leakage Vulnerability
| [8086] Microsoft Windows 2000 Port Name Buffers Potential Buffer Overflow Vulnerability
| [8085] Microsoft Windows 2000 ModifyDN Request Denial of Service Vulnerability
| [8083] Microsoft Windows 2000 Domain Controller Spoofing Vulnerability
| [8081] Microsoft Windows 2000 USBH_IoctlGetNodeConnectionDriverKeyName Information Disclosure Vulnerability
| [8063] Microsoft Commerce Server 2002 Weak Registry Key Permissions Weakness
| [8045] Microsoft Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
| [7930] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
| [7788] Microsoft Windows 2000/XP/2003 IPV6 ICMP Flood Denial Of Service Vulnerability
| [7469] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
| [7360] Microsoft Windows 2000/XP Registry Editor Custom Permissions Weakness
| [7102] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
| [6769] Microsoft Windows 2000 RPC Service Privilege Escalation Vulnerability
| [6766] Microsoft Windows 2000 NetBIOS Continuation Packets Kernel Memory Leak Vulnerability
| [6667] Microsoft Outlook 2002 V1 Exchange Server Security Certificate Information Leakage Vulnerability
| [6319] Microsoft Outlook 2002 Email Header Processing Denial of Service Vulnerability
| [6030] Microsoft Windows 2000 SNMP Printer Query Denial of Service Vulnerability
| [5972] Microsoft Windows 2000/XP Full Event Log Administrative Alert Weakness
| [5922] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
| [5480] Microsoft Windows 2000 Network Connection Manager Privilege Elevation Vulnerability
| [5422] Microsoft Content Management Server 2001 SQL Injection Vulnerability
| [5421] Microsoft Content Management Server 2001 Arbitrary Upload Location Vulnerability
| [5420] Microsoft Content Management Server 2001 User Authentication Buffer Overflow Vulnerability
| [5415] Microsoft Windows 2000 Insecure Default File Permissions Vulnerability
| [5413] Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability
| [5412] Microsoft Exchange 2000 Multiple MSRPC Denial Of Service Vulnerabilities
| [5312] Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
| [5311] Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
| [5310] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
| [5309] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
| [5307] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
| [5253] Microsoft Windows 2000 Narrator Password Disclosure Vulnerability
| [5205] Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
| [5111] Microsoft Commerce Server 2000 OWC Package Installer Local Command Execution Vulnerability
| [5014] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
| [4881] Microsoft Exchange 2000 Malformed Mail Attribute DoS Vulnerability
| [4853] Microsoft Commerce Server 2000 Profile Service Buffer Overflow Vulnerability
| [4852] Microsoft Windows 2000 Remote Access Service Buffer Overflow Vulnerability
| [4847] Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
| [4797] Microsoft MSDE/SQL Server 2000 Desktop Engine Default Configuration Vulnerability
| [4683] Microsoft Windows 2000 / NT Path Precedence Vulnerability
| [4532] Microsoft Windows 2000 Lanman Denial of Service Vulnerability
| [4438] Microsoft Windows 2000 Group Policy Evasion Vulnerability
| [4426] Microsoft Windows 2000 / NT / XP MUP UNC Request Buffer Overflow Vulnerability
| [4287] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
| [4256] Microsoft Windows 2000 Password Policy Bypass Vulnerability
| [4157] Microsoft Commerce Server 2000 ISAPI Buffer Overflow Vulnerability
11952| [4095] Microsoft Windows 2000 Server Terminal Services Failure To Lock Terminal Vulnerability
11953| [3652] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability
11954| [3481] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
11955| [3479] Microsoft Windows 2000 NTFS With Macintosh Client Directory Permission Vulnerability
11956| [3445] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
11957| [3339] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
11958| [3305] Norton AntiVirus for Microsoft Exchange 2000 Information Disclosure Vulnerability
11959| [3291] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
11960| [3215] Microsoft Windows 2000 IrDA Buffer Overflow Denial of Service Vulnerability
11961| [3185] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
11962| [3184] Microsoft Windows 2000 RunAs User Credentials Exposure Vulnerability
11963| [3146] Microsoft Windows 2000 System File Replacement Vulnerability
11964| [3115] Microsoft Windows NT and 2000 Command Prompt Reboot Vulnerability
11965| [3063] Microsoft Windows 2000 Unauthorized Password Change Vulnerability
11966| [3033] Microsoft Windows 2000 Task Manager Process Termination Vulnerability
11967| [2988] Microsoft Windows 2000 SMTP Improper Authentication Vulnerability
11968| [2929] Microsoft Windows 2000 LDAP SSL Password Modification Vulnerability
11969| [2849] Microsoft Windows 2000 Telnet Privilege Escalation Vulnerability
11970| [2846] Microsoft Windows 2000 Telnet System Call DoS Vulnerability
11971| [2844] Microsoft Windows 2000 Telnet Service DoS Vulnerability
11972| [2843] Microsoft Windows 2000 Telnet Multiple Sessions DoS Vulnerability
11973| [2838] Microsoft Windows 2000 Telnet Username DoS Vulnerability
11974| [2460] Microsoft Windows 2000 Event Viewer Buffer Overflow Vulnerability
11975| [2441] Microsoft Exchange 2000 / IIS 5.0 Multiple Invalid URL Request DoS Vulnerability
11976| [2394] Microsoft Windows 2000 Domain Controller DoS Vulnerability
11977| [2341] Microsoft Windows 2000 Network DDE Escalated Privileges Vulnerability
11978| [2326] Microsoft Windows 2000 RDP DoS Vulnerability
11979| [2133] Microsoft Windows 2000 Directory Services Restore Mode Blank Password Vulnerability
11980| [2066] Microsoft Windows NT 4.0 / 2000 SNMP Registry Key Modification Vulnerability
11981| [2018] Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability
11982| [2007] Microsoft Windows 2000 DNS Memory Leak Vulnerability
11983| [1973] Microsoft Windows 2000 Domain Account Lockout Bypass Vulnerability
11984| [1958] Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
11985| [1933] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
11986| [1899] Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability
11987| [1811] Microsoft Site Server 2.0 with IIS 4.0 Malicious File Upload Vulnerability
11988| [1758] Microsoft Windows 2000 Unattended Install OEMPreinstall Vulnerability
11989| [1753] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
11990| [1748] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
11991| [1745] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
11992| [1729] Microsoft Windows 2000 Simplified Chinese IME Vulnerability
11993| [1695] Microsoft Proxy 2.0 FTP Permissions Bypass Vulnerability
11994| [1692] Microsoft Proxy 2.0 Internal Network Access Vulnerability
11995| [1683] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
11996| [1673] Microsoft Windows 2000 Malformed RPC Packet DoS Vulnerability
11997| [1651] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
11998| [1632] Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
11999| [1620] Microsoft Windows 9x / NT 4.0 / 2000 NetBIOS Cache Corruption Vulnerability
12000| [1613] Microsoft Windows 2000 Local Security Policy Corruption Vulnerability
12001| [1566] Microsoft Word 97 / 2000 Mail Merge Code Execution Vulnerability
12002| [1561] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow Vulnerability
12003| [1535] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
12004| [1507] Microsoft Windows NT 4.0 / 2000 Unspecified Executable Path Vulnerability
12005| [1451] Microsoft Excel 97 / 2000 Register.ID Vulnerability
12006| [1435] Microsoft FrontPage 2000 Server Extensions Denial Of Service Vulnerability
12007| [1415] Microsoft Windows 2000 Remote CPU-overload Vulnerability
12008| [1414] Microsoft Windows 2000 Telnet Server DoS Vulnerability
12009| [1399] Microsoft Internet Explorer 5.01 and Excel/Powerpoint 2000 ActiveX Object Execution Vulnerability
12010| [1398] Microsoft Internet Explorer 5.01 and Access 2000 / 97 VBA Code Execution Vulnerability
12011| [1350] Microsoft Windows 2000 Windows Station Access Vulnerability
12012| [1304] Microsoft Windows NT 4.0 / 2000 SMB Write Request DoS Vulnerability
12013| [1301] Microsoft Windows NT 4.0 / 2000 Ignored SMB Response DoS Vulnerability
12014| [1295] Microsoft Windows 2000 Default 40-bit Encrypted Protected Store Vulnerability
12015| [1198] Microsoft Windows 2000 Default SYSKEY Configuration Vulnerability
12016| [1197] Microsoft Office 2000 UA Control Vulnerability
12017| [990] Microsoft Windows 2000 Install Unprotected ADMIN$ Share Vulnerability
12018| [945] Microsoft SMS 2.0 Default Permissions Vulnerability
12019| [539] Microsoft Windows 2000 EFS Vulnerability
12020| [180] Microsoft Windows April Fools 2001 Vulnerability
12021| [71487] Microsoft December 2014 Advance Notification Multiple Vulnerabilities
12022| [70966] RETIRED: Microsoft November 2014 Advance Notification Multiple Vulnerabilities
12023| [70367] RETIRED: Microsoft October 2014 Advance Notification Multiple Vulnerabilities
12024| [69636] RETIRED: Microsoft September 2014 Advance Notification Multiple Vulnerabilities
12025| [69108] Microsoft August 2014 Advance Notification Multiple Vulnerabilities
12026| [68367] Microsoft July 2014 Advance Notification Multiple Vulnerabilities
12027| [67905] Microsoft June 2014 Advance Notification Multiple Vulnerabilities
12028| [67298] Microsoft May 2014 Advance Notification Multiple Vulnerabilities
12029| [66639] RETIRED: Microsoft April 2014 Advance Notification Multiple Vulnerabilities
12030| [66016] Microsoft March 2014 Notification Multiple Vulnerabilities
12031| [65426] Microsoft February 2014 Notification Multiple Vulnerabilities
12032| [64757] RETIRED: Microsoft January 2014 Advance Notification Multiple Vulnerabilities
12033| [64083] RETIRED: Microsoft December 2013 Advance Notification Multiple Vulnerabilities
12034| [63604] RETIRED: Microsoft November 2013 Advance Notification Multiple Vulnerabilities
12035| [62797] RETIRED: Microsoft October 2013 Advance Notification Multiple Vulnerabilities
12036| [62228] RETIRED: Microsoft September 2013 Advance Notification Multiple Vulnerabilities
12037| [62181] Microsoft Office Pinyin IME 2010 CVE-2013-3859 Local Privilege Escalation Vulnerability
12038| [61686] Microsoft August 2013 Advance Notification Multiple Vulnerabilities
12039| [60960] RETIRED: Microsoft July 2013 Advance Notification Multiple Vulnerabilities
12040| [60394] Microsoft June 2013 Advance Notification Multiple Vulnerabilities
12041| [59785] RETIRED: Microsoft May 2013 Advance Notification Multiple Vulnerabilities
12042| [58881] RETIRED: Microsoft April 2013 Advance Notification Multiple Vulnerabilities
12043| [58380] RETIRED: Microsoft March 2013 Advance Notification Multiple Vulnerabilities
12044| [57846] RETIRED: Microsoft February 2013 Advance Notification Multiple Vulnerabilities
12045| [57137] RETIRED: Microsoft January 2013 Advance Notification Multiple Vulnerabilities
12046| [56838] RETIRED: Microsoft December 2012 Advance Notification Multiple Vulnerabilities
12047| [56450] RETIRED: Microsoft November 2012 Advance Notification Multiple Vulnerabilities
12048| [56304] Microsoft Office Excel 2010 Memory Corruption Denial of Service Vulnerability
12049| [55794] RETIRED: Microsoft October 2012 Advance Notification Multiple Vulnerabilities
12050| [55472] RETIRED: Microsoft September 2012 Advance Notification Multiple Vulnerabilities
12051| [54944] RETIRED: Microsoft August 2012 Advance Notification Multiple Vulnerabilities
12052| [54318] RETIRED: Microsoft July 2012 Advance Notification Multiple Vulnerabilities
12053| [53862] RETIRED: Microsoft June 2012 Advance Notification Multiple Vulnerabilities
12054| [53372] RETIRED: Microsoft May 2012 Advance Notification Multiple Vulnerabilities
12055| [52910] RETIRED: Microsoft April 2012 Advance Notification Multiple Vulnerabilities
12056| [52366] RETIRED: Microsoft March 2012 Advance Notification Multiple Vulnerabilities
12057| [51944] RETIRED: Microsoft February 2012 Advance Notification Multiple Vulnerabilities
12058| [51289] RETIRED: Microsoft January 2012 Advance Notification Multiple Vulnerabilities
12059| [50980] RETIRED: Microsoft December 2011 Advance Notification Multiple Vulnerabilities
12060| [50513] RETIRED: Microsoft November 2011 Advance Notification Multiple Vulnerabilities
12061| [49994] RETIRED: Microsoft October 2011 Advance Notification Multiple Vulnerabilities
12062| [49515] RETIRED: Microsoft September 2011 Advance Notification Multiple Vulnerabilities
12063| [49017] RETIRED: Microsoft August 2011 Advance Notification Multiple Vulnerabilities
12064| [48616] RETIRED: Microsoft July 2011 Advance Notification Multiple Vulnerabilities
12065| [48235] Microsoft Lync Server 2010 'ReachJoin.aspx' Remote Command Injection Vulnerability
12066| [48193] RETIRED: Microsoft June 2011 Advance Notification Multiple Vulnerabilities
12067| [47725] RETIRED: Microsoft May 2011 Advance Notification Multiple Vulnerabilities
12068| [47255] RETIRED: Microsoft April 2011 Advance Notification Multiple Vulnerabilities
12069| [46675] RETIRED: Microsoft March 2011 Advance Notification Multiple Vulnerabilities
12070| [46132] RETIRED: Microsoft February 2011 Advance Notification Multiple Vulnerabilities
12071| [45696] RETIRED: Microsoft January 2011 Advance Notification Multiple Vulnerabilities
12072| [45307] RETIRED: Microsoft December 2010 Advance Notification Multiple Vulnerabilities
12073| [44649] RETIRED: Microsoft November 2010 Advance Notification Multiple Vulnerabilities
12074| [43831] RETIRED: Microsoft October 2010 Advance Notification Multiple Vulnerabilities
12075| [43115] RETIRED: Microsoft September 2010 Advance Notification Multiple Vulnerabilities
12076| [42234] RETIRED: Microsoft August 2010 Advance Notification Multiple Vulnerabilities
12077| [41474] RETIRED: Microsoft July 2010 Advance Notification Multiple Vulnerabilities
12078| [40548] RETIRED: Microsoft June 2010 Advance Notification Multiple Vulnerabilities
12079| [39961] RETIRED: Microsoft May 2010 Advance Notification Multiple Vulnerabilities
12080| [39313] RETIRED: Microsoft April 2010 Advance Notification Multiple Vulnerabilities
12081| [38540] RETIRED: Microsoft March 2010 Advance Notification Multiple Vulnerabilities
12082| [38096] RETIRED: Microsoft February 2010 Advance Notification Multiple Vulnerabilities
12083| [37887] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
12084| [37664] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
12085| [32642] Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
12086|
12087| IBM X-Force - https://exchange.xforce.ibmcloud.com:
12088| [82417] Microsoft Windows Knowledge Base Article 2801261 update is not installed
12089| [82415] Microsoft Windows Knowledge Base Article 2807986 update is not installed
12090| [82410] Microsoft Windows Knowledge Base Article 2809289 update is not installed
12091| [81859] Microsoft Windows Knowledge Base Article 2802968 update is not installed
12092| [81857] Microsoft Windows Knowledge Base Article 2809279 update is not installed
12093| [81668] Microsoft Windows Knowledge Base Article 2800277 update is not installed
12094| [77323] Microsoft Windows Knowledge Base Article 2706045 update is not installed
12095| [75949] Microsoft Windows Knowledge Base Article 2707960 update is not installed
12096| [75942] Microsoft Windows Knowledge Base Article 2706726 update is not installed
12097| [75934] Microsoft Windows Knowledge Base Article 2709162 update is not installed
12098| [75926] Microsoft Windows Knowledge Base Article 2709100 update is not installed
12099| [75905] Microsoft Windows Knowledge Base Article 2707956 update is not installed
12100| [71991] Microsoft Windows Knowledge Base Article 2607664 update is not installed
12101| [71542] Microsoft Windows Knowledge Base Article 2607702 update is not installed
12102| [70945] Microsoft Windows Knowledge Base Article 2603381 update is not installed
12103| [70150] Microsoft Windows Knowledge Base Article 2607670 update is not installed
12104| [67755] Microsoft Windows Knowledge Base Article 2503665 update is not installed
12105| [67749] Microsoft Windows Knowledge Base Article 2507938 update is not installed
12106| [66845] Microsoft Windows Knowledge Base Article 2506014 update is not installed
12107| [66844] Microsoft Windows Knowledge Base Article 2501584 update is not installed
12108| [66448] Microsoft Windows Knowledge Base Article 2508272 update is not installed
12109| [66442] Microsoft Windows Knowledge Base Article 2509553 update is not installed
12110| [66440] Microsoft Windows Knowledge Base Article 2508429 update is not installed
12111| [66438] Microsoft Windows Knowledge Base Article 2507618 update is not installed
12112| [66430] Microsoft Windows Knowledge Base Article 2503658 update is not installed
12113| [66425] Microsoft Windows Knowledge Base Article 2506223 update is not installed
12114| [65570] Microsoft Windows Knowledge Base Article 2500212 update is not installed
12115| [65568] Microsoft Windows Knowledge Base Article 2508062 update is not installed
12116| [63840] Microsoft Visual C++ 2008 Redistributable Package dynamic-linked library (DLL) code execution
12117| [63780] Microsoft PowerPoint 2007 dynamic-linked library (rpawinet.dll) code execution
12118| [63775] Microsoft Visio 2003 dynamic-linked library (mfc71enu.dll) code execution
12119| [63586] Microsoft Windows Knowledge Base Article 2207559 update is not installed
12120| [63573] Microsoft Windows Knowledge Base Article 2407132 update is not installed
12121| [62797] Microsoft Windows Knowledge Base Article 2305420 update is not installed
12122| [62149] Microsoft Windows Knowledge Base Article 2207566 update is not installed
12123| [62133] Microsoft Windows Knowledge Base Article 2405882 update is not installed
12124| [53980] Microsoft Windows 2000 License Logging Server buffer overflow
12125| [53601] Microsoft Office 2008 for Mac user ID 502 security bypass
12126| [50973] Microsoft Windows Server 2003 and Vista win32k.sys denial of service
12127| [50759] Microsoft Windows 2000 Active Directory LDAP code execution
12128| [48595] Microsoft Word 2007 Email as PDF information disclosure
12129| [46102] Microsoft Windows 2003 SP2 is not installed on the system
12130| [46101] Microsoft Windows 2003 SP1 is not installed on the system
12131| [45186] Microsoft SQL Server 2000 SQLVDIRLib.SQLVDirControl ActiveX control buffer overflow
12132| [37200] Microsoft SQL Server 2000 Service Pack 1 update is not installed
12133| [37198] Microsoft SQL Server 2000 Service Pack 3 update is not installed
12134| [34634] Microsoft Windows Server 2003 Active Directory information disclosure
12135| [34599] Microsoft Windows Server 2003 terminal server security bypass
12136| [34473] Microsoft Office 2000 ActiveX control buffer overflow
12137| [33713] Microsoft Word 2007 multiple unspecified denial of service
12138| [33712] Microsoft Word 2007 wwlib.dll buffer overflow
12139| [32631] Microsoft SQL Server 2000 Service Pack 2 update is not installed
12140| [31821] Microsoft Windows time zone update for year 2007
12141| [31196] Microsoft Office 2003 Brazilian Grammar Checker buffer overflow
12142| [30905] Microsoft Project Server 2003 pdsrequest.asp information disclosure
12143| [29546] Microsoft Windows 2000/2003 user logoff initiated
12144| [29545] Microsoft Windows 2000/2003 system time changed
12145| [29544] Microsoft Windows 2000/2003 system security access removed
12146| [29543] Microsoft Windows 2000/2003 security access granted
12147| [29542] Microsoft Windows 2000/2003 SAM notification package loaded
12148| [29541] Microsoft Windows 2000/2003 primary security token issued
12149| [29540] Microsoft Windows 2000/2003 user password reset successful
12150| [29539] Microsoft Windows 2000/2003 object indirectly accessed
12151| [29538] Microsoft Windows 2000/2003 object handle duplicated
12152| [29537] Microsoft Windows 2000/2003 logon with explicit credentials success
12153| [29536] Microsoft Windows 2000/2003 logon attempt using explicit credentials unsuccessful
12154| [29535] Microsoft Windows 2000/2003 IPSEC policy agent failed
12155| [29534] Microsoft Windows 2000/2003 IPSEC policy agent disabled
12156| [29533] Microsoft Windows 2000/2003 IPSEC policy agent changed
12157| [29532] Microsoft Windows 2000/2003 IKE security association established
12158| [29531] Microsoft Windows 2000/2003 IKE quick mode association ended
12159| [29530] Microsoft Windows 2000/2003 IKE main mode association ended
12160| [29529] Microsoft Windows 2000/2003 IKE association negotiation failed
12161| [29528] Microsoft Windows 2000/2003 IKE association peer authentication failed
12162| [29527] Microsoft Windows 2000/2003 IKE association failed invalid proposal
12163| [29526] Microsoft Windows 2000/2003 IKE association failed authentication parameters
12164| [29525] Microsoft Windows 2000/2003 DPAPI master key backup attempted
12165| [29524] Microsoft Windows 2000/2003 DPAPI key recovery attempted
12166| [29523] Microsoft Windows 2000/2003 DPAPI auditable data unprotected
12167| [29522] Microsoft Windows 2000/2003 administrative group security descriptor set
12168| [29521] Microsoft Windows 2000/2003 account name changed
12169| [29507] Microsoft Office 2003 unspecified PowerPoint NULL pointer dereference denial of service
12170| [28512] Microsoft Internet Explorer multiple Windows 2000 COM object denial of service
12171| [28005] Microsoft Windows 2000 Management Console (MMC) resource file cross-site scripting
12172| [26118] Microsoft Office 2003 mailto: information disclosure
12173| [25330] Microsoft Commerce Server 2002 authfiles/login.asp authentication bypass
12174| [24474] Microsoft Windows 2000 LDAP client accepts untrusted CA
12175| [24473] Microsoft Windows 2000 event ID 565 not logged
12176| [24472] Microsoft Windows 2000 Event ID 1704 records incorrect group policy settings
12177| [24407] Microsoft Windows 2000 SECEDIT command fails to set ACLs correctly
12178| [24405] Microsoft Windows 2000 UPN credentials with trailing dot group policy bypass
12179| [24403] Microsoft Windows 2000 WideCharToMultiByte() incorrect Japanese character conversion
12180| [24402] Microsoft Windows 2000 Terminal Service client IP not logged
12181| [24400] Microsoft Windows 2000 domain authentication can be bypassed by a local administrator
12182| [23066] Microsoft Windows XP and 2000 Server MSRPC memory allocation denial of service
12183| [22318] Microsoft SQL Server 2000 Service Pack 4 update is not installed
12184| [22183] Microsoft Exchange Server 2003 public folder denial of service
12185| [21345] Microsoft Windows 2000 Update Rollup 1 for Service Pack 4 has not been installed
12186| [21315] Microsoft Outlook 2002 connector for Domino bypass restrictions
12187| [19969] Multiple Microsoft Windows Server 2003 Edition printer driver denial of service
12188| [19965] Multiple Microsoft Windows Server 2003 Editions SMB redirector denial of service
12189| [19727] Microsoft Windows 2000 GDI32.DLL denial of service
12190| [19629] Microsoft Exchange Server 2003 folder denial of service
12191| [17826] Microsoft Outlook 2003 CID security bypass
12192| [17624] Microsoft Windows XP and Windows Server 2003 Compressed Folders buffer overflow
12193| [17621] Microsoft Windows 2003 SMTP service code execution
12194| [17560] Microsoft Windows 2000 and XP GDI library denial of service
12195| [17521] Microsoft Windows 2000 Service Pack 4 is not installed
12196| [16913] Microsoft Windows 2003 users with Synchronize directory service data privilege
12197| [16912] Microsoft Windows 2003 groups with Synchronize directory service data privilege
12198| [16909] Microsoft Windows 2003 groups with Remove computer from docking station privilege
12199| [16907] Microsoft Windows 2003 users with Create global objects privilege
12200| [16905] Microsoft Windows 2003 users or groups with Create global objects privilege
12201| [16851] Microsoft Windows 2003 and XP WinKey and U key denial of service
12202| [16704] Microsoft Windows 2000 Media Player control code execution
12203| [16582] Microsoft Windows Server 2003 kernel CPU denial of service
12204| [16572] Microsoft Windows 2003 Users with Impersonate a client after authentication privilege
12205| [16570] Microsoft Windows 2003 Users with Create global objects privilege
12206| [16564] Microsoft Windows 2003 Groups with Create global objects privilege
12207| [16562] Microsoft Windows 2003 Groups with "
12208| [16522] Microsoft Windows 2003 Impersonate a client after authentication privilege
12209| [16521] Microsoft Windows 2003 Deny Logon Through Terminal Services privilege
12210| [16520] Microsoft Windows 2003 Create global objects privilege
12211| [16276] Microsoft Windows 2000 Advanced Server fully qualified domain name security bypass
12212| [16173] Microsoft Outlook 2003 OLE object bypass restricted security zone
12213| [16119] Microsoft Outlook 2000 URL spoofing
12214| [16104] Microsoft Outlook 2003 predictable file location could allow code execution
12215| [16095] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
12216| [15704] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
12217| [15700] Microsoft Windows 2000 Domain Controller LSASS LDAP message denial of service
12218| [15632] Microsoft Windows 2000 Utility Manger allows privilege escalation
12219| [15414] Microsoft Outlook 2002 mailto URL allows execution of code
12220| [15263] Microsoft Windows XP and 2000 Server kernel allows elevated privileges
12221| [15057] Microsoft Windows XP and Windows Server 2003 smbmount Linux client denial of service
12222| [15038] Microsoft Windows 2000 Server Windows Media Services denial of service
12223| [15037] Microsoft Windows Server 2003 WINS /GS flag denial of service
12224| [14178] Microsoft ISA Exchange Server 2003 MS04-002 patch is not installed
12225| [14167] Microsoft ISA Server 2000 H.323 filter buffer overflow
12226| [13426] Microsoft Windows 2000 and XP RPC race condition
12227| [13423] Microsoft Windows 2000 Local Troubleshooter ActiveX control buffer overflow
12228| [13407] Microsoft Windows 2000 Server mqsvc.exe MQLocateBegin packet buffer overflow
12229| [13385] Microsoft Windows Server 2003 "
12230| [13211] Microsoft Windows 2000 and XP URG memory leak
12231| [13171] Microsoft Windows Server 2003 can allow attacker to bypass mechanism used to detect buffer overflows
12232| [13131] Microsoft Windows 2000 Message Queue Manager buffer overflow
12233| [12684] Microsoft Exchange Server OWA Outlook 2003 denial of service
12234| [12652] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension POST request buffer overflow
12235| [12620] Microsoft Windows 2000 Server SMTP FILETIME denial of service
12236| [12543] Microsoft Windows 2000 Accessibility Utility Manager could allow an attacker to gain privileges
12237| [12493] Microsoft Windows Shell32.dll 2000 ShellExecute function buffer overflow
12238| [12489] Microsoft Windows 2000 Server Active Directory buffer overflow
12239| [12128] Microsoft Windows 2000 and Windows NT MS03-019 patch is not installed
12240| [12092] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension buffer overflow
12241| [12048] Microsoft Windows 2000 and Windows Server 2003 LAN Manager hash creation enabled
12242| [11901] Microsoft BizTalk Server 2002 SQL injection
12243| [11900] Microsoft BizTalk Server 2002 HTTP Receiver function buffer overflow
12244| [11816] Microsoft Windows 2000 Terminal Services MSGINA.DLL insecure access permissions
12245| [11696] Microsoft Windows 2000 Terminal Services man-in-the-middle attack
12246| [11617] Microsoft Windows 2000 MS03-007 patch is not installed on the system
12247| [11546] Microsoft Windows 2000 Windows Help Facility .cnt file buffer overflow
12248| [11329] Microsoft Windows NT and 2000 cmd.exe CD path name buffer overflow
12249| [11274] Microsoft Windows 2000 NetBIOS continuation packets denial of service
12250| [11273] Microsoft Windows 2000 RPC service could allow an attacker to gain elevated privileges
12251| [11216] Microsoft Windows NT and 2000 command prompt denial of service
12252| [11141] Microsoft Windows 2000 Terminal Services MSGINA.DLL denial of service
12253| [11133] Microsoft Outlook 2002 using V1 Exchange Server Security certificates transmits plaintext emails
12254| [10843] Microsoft Windows 2000 and XP SMB signing group policy modification
12255| [10431] Microsoft Windows 2000 SNMP LANMAN Extension memory leak denial of service
12256| [10400] Microsoft Windows 2000 RPC TCP port 135 denial of service
12257| [10377] Microsoft Windows XP and 2000 administrative alerts fail when security event log is full
12258| [10199] Microsoft Windows 2000/XP PPTP packet buffer overflow
12259| [10195] Microsoft FrontPage Server Extensions (FPSE) 2002 SmartHTML Interpreter buffer overflow
12260| [10194] Microsoft FrontPage Server Extensions (FPSE) 2000 SmartHTML Interpreter denial of service
12261| [9946] Microsoft Windows 2000 Terminal Services session screensaver fails to lock the console
12262| [9856] Microsoft Windows 2000 NCM handler routine could allow elevated privileges
12263| [9779] Microsoft Windows 2000 weak system partition permissions
12264| [9752] Microsoft Windows 2000 Service Pack 3 is not installed
12265| [9746] Microsoft Windows 2000 HTML Help item parameter buffer overflow
12266| [9625] Microsoft Windows 2000 Narrator allows login information to be audible
12267| [9154] Microsoft Data Engine (MSDE) and Microsoft SQL Server 2000 Desktop Engine have a default blank "
12268| [8867] Microsoft Windows 2000 LanMan denial of service
12269| [8813] Microsoft Windows 2000 Terminal Services allows attacker to bypass group policy settings
12270| [8759] Microsoft Windows 2000 could allow an attacker to block the application of Group Policy settings
12271| [8752] Microsoft Windows NT, 2000, and XP MUP buffer overflow
12272| [8739] Microsoft Windows 2000 DCOM memory leak
12273| [8708] Microsoft Outlook 2000 and 2002 executes embedded script in object tag when replying or forwarding HTML mail
12274| [8402] Microsoft Windows 2000 allows an attacker to bypass password policy
12275| [8307] Microsoft Windows 2000, Windows XP, and Exchange 2000 SMTP data transfer command denial of service
12276| [8304] Microsoft Windows 2000 and Exchange 5.5 SMTP service unauthorized mail privileges
12277| [8254] Microsoft Commerce Server 2000 AuthFilter ISAPI filter buffer overflow
12278| [8199] Microsoft Windows 2000 Terminal Services unlocked client
12279| [8094] Microsoft Windows 2000 and Interix 2.2 Telnet protocol option buffer overflow
12280| [8092] Microsoft Exchange 2000 System Attendant sets incorrect registry permissions
12281| [8043] Microsoft Windows NT, 2000, and XP using NTFS could allow files to be hidden
12282| [8037] Microsoft Windows 2000 empty TCP packet denial of service
12283| [8023] Microsoft Windows NT and Windows 2000 SIDs could allow an attacker to gain elevated privileges in another domain
12284| [7919] Microsoft IIS 4.0 and Norton Internet Security 2001 default permissions could allow an attacker to modify log files
12285| [7667] Microsoft Windows 2000 IKE UDP packet flood denial of service
12286| [7566] Microsoft IIS 2.0 and 3.0 upgraded to Microsoft IIS 4.0 fails to remove the ism.dll file
12287| [7538] Microsoft Windows 2000 and XP Terminal services allow an attacker to spoof IP addresses
12288| [7533] Microsoft Windows 2000 RunAs service denial of service
12289| [7532] Microsoft Windows 2000 RunAs service allows local attacker to bypass pipe authentication
12290| [7531] Microsoft Windows 2000 RunAs service reveals sensitive information
12291| [7528] Microsoft Windows NT and Windows 2000 malformed RPC request denial of service
12292| [7409] Microsoft Windows 2000 and Windows XP GDI denial of service
12293| [7302] Microsoft Windows NT and 2000 Terminal Server malformed RDP packet series denial of service
12294| [7008] Microsoft Windows 2000 IrDA device denial of service
12295| [6977] Microsoft Windows NT and 2000 NNTP memory leak denial of service
12296| [6931] Microsoft Windows 2000 without Service Pack 2
12297| [6919] Microsoft Windows 2000 Task Manager does not terminate malicious files with the same name as a system process
12298| [6912] Microsoft Windows NT and 2000 Terminal Server RDP memory leak denial of service
12299| [6876] Microsoft Windows 2000 could allow an attacker to change network passwords
12300| [6803] Microsoft Windows 2000 SMTP service allows mail relaying
12301| [6745] Microsoft Windows 2000 LDAP function could allow domain user password change
12302| [6669] Microsoft Windows 2000 Telnet system call denial of service
12303| [6668] Microsoft Windows 2000 Telnet handle leak denial of service
12304| [6667] Microsoft Windows 2000 Telnet multiple idle sessions denial of service
12305| [6666] Microsoft Windows 2000 Telnet username denial of service
12306| [6665] Microsoft Windows 2000 Telnet service weak domain authentication
12307| [6664] Microsoft Windows 2000 Telnet service predictable pipe names could allow elevation of privileges
12308| [6652] Microsoft Exchange 2000 OWA script execution
12309| [6590] Microsoft Windows 2000 debug registers allow attacker to gain elevated privileges
12310| [6506] Microsoft Windows 2000 Server Kerberos denial of service
12311| [6443] Microsoft Windows 2000 catalog file could remove installed hotfixes
12312| [6160] Microsoft Windows 2000 event viewer buffer overflow
12313| [6136] Microsoft Windows 2000 domain controller denial of service
12314| [6035] Microsoft Windows 2000 Server RDP denial of service
12315| [5973] Microsoft Windows 2000 EFS allows local user to recover sensitive data
12316| [5936] Microsoft Windows 2000 Server Directory Service Restore Mode allows user to login with blank password
12317| [5800] Microsoft Windows 2000 Index Service ActiveX controls allow unauthorized access to file information
12318| [5623] Microsoft Windows NT and 2000 Phone Book service buffer overflow
12319| [5598] Microsoft Windows 2000 Telnet daemon could allow a denial of service
12320| [5585] Microsoft Windows 2000 brute force attack
12321| [5502] Microsoft Windows 2000 Indexing Services ixsso.query
12322| [5467] Microsoft Windows 2000 System Monitor ActiveX control buffer overflow
12323| [5399] Microsoft Windows NT and 2000 Network Monitor buffer overflow
12324| [5301] Microsoft Windows 2000 Simplified Chinese IME State Recognition
12325| [5263] Microsoft Office 2000 executes .dll without users knowledge
12326| [5242] Microsoft Windows 2000 Telnet client NTLM authentication weakness
12327| [5222] Microsoft Windows 2000 malformed RPC packet denial of service
12328| [5203] Microsoft Windows 2000 still image service
12329| [5171] Microsoft Windows 2000 Local Security Policy corruption
12330| [5080] Microsoft Office 2000 HTML object tag buffer overflow
12331| [5033] Microsoft Windows 2000 without Service Pack 1
12332| [5031] Microsoft Windows 2000 Service Control Manager named pipe could allow a unauthorized user to gain privileges
12333| [5015] Microsoft Windows NT and 2000 executable path
12334| [4887] Microsoft Windows 2000 Kerberos ticket renewed
12335| [4886] Microsoft Windows 2000 logon session reconnected
12336| [4885] Microsoft Windows 2000 logon session disconnected
12337| [4882] Microsoft Windows 2000 Kerberos pre-authentication failed
12338| [4873] Microsoft Windows 2000 user account mapped for logon
12339| [4872] Microsoft Windows 2000 account logon failed
12340| [4871] Microsoft Windows 2000 account used for logon
12341| [4855] Microsoft Windows 2000 group type change
12342| [4842] Microsoft Internet Explorer and Microsoft Powerpoint 2000 ActiveX object execution
12343| [4841] Microsoft Internet Explorer and Microsoft Access 2000 VBA code execution
12344| [4823] Microsoft Windows 2000 Telnet server binary stream denial of service
12345| [4819] Microsoft Windows 2000 default SYSKEY configuration
12346| [4787] Microsoft Windows 2000 user account locked out
12347| [4786] Microsoft Windows 2000 computer account created
12348| [4785] Microsoft Windows 2000 computer account changed
12349| [4784] Microsoft Windows 2000 computer account deleted
12350| [4714] Microsoft Windows 2000 "
12351| [4589] Microsoft Windows 2000 protected store can be compromised by brute force attack
12352| [4278] Microsoft Windows 2000 unattended install does not secure All Users profile
12353| [4138] Microsoft Windows 2000 system file integrity feature is disabled
12354| [4086] Microsoft Windows 2000 may not start Jaz drives correctly
12355| [4085] Microsoft Windows 2000 non-Gregorial calendar error
12356| [4084] Microsoft Windows 2000 may prevent Adobe FrameMaker files from being saved in some formats
12357| [4083] Microsoft Windows 2000 Terminal Services may damage Office files saved as HTML
12358| [4082] Microsoft Windows 2000 and Iomega parallel port drives display error
12359| [4080] Microsoft Windows 2000 AOL image support
12360| [4079] Microsoft Windows 2000 High Encryption Pack
12361| [3854] Microsoft Office 2000 security setting
12362| [1376] Microsoft Proxy 2.0 denial of service
12363| [86256] Microsoft Windows Knowledge Base Article 2876063 update is not installed
12364| [86097] Microsoft Windows Knowledge Base Article 2859537 update is not installed
12365| [86091] Microsoft Windows Knowledge Base Article 2868623 update is not installed
12366| [86089] Microsoft Windows Knowledge Base Article 2862772 update is not installed
12367| [86075] Microsoft Windows Knowledge Base Article 2850869 update is not installed
12368| [86073] Microsoft Windows Knowledge Base Article 2873872 update is not installed
12369| [86070] Microsoft Windows Knowledge Base Article 2849568 update is not installed
12370| [85245] Microsoft Windows Knowledge Base Article 2848295 update is not installed
12371| [85244] Microsoft Windows Knowledge Base Article 2847927 update is not installed
12372| [85243] Microsoft Windows Knowledge Base Article 2861561 update is not installed
12373| [85236] Microsoft Windows Knowledge Base Article 2850851 update is not installed
12374| [85227] Microsoft Windows Knowledge Base Article 2847883 update is not installed
12375| [85223] Microsoft Windows Knowledge Base Article 2846071 update is not installed
12376| [85205] Microsoft Windows Knowledge Base Article 2845187 update is not installed
12377| [84621] Microsoft Windows Knowledge Base Article 2845690 update is not installed
12378| [84619] Microsoft Windows Knowledge Base Article 2839894 update is not installed
12379| [84617] Microsoft Windows Knowledge Base Article 2839571 update is not installed
12380| [84615] Microsoft Windows Knowledge Base Article 2839229 update is not installed
12381| [84613] Microsoft Windows Knowledge Base Article 2838727 update is not installed
12382| [84156] Microsoft Windows Knowledge Base Article 2847204 update is not installed
12383| [83912] Microsoft Windows Knowledge Base Article 2829254 update is not installed
12384| [83910] Microsoft Windows Knowledge Base Article 2829530 update is not installed
12385| [83898] Microsoft Windows Knowledge Base Article 2830397 update is not installed
12386| [83886] Microsoft Windows Knowledge Base Article 2830399 update is not installed
12387| [83884] Microsoft Windows Knowledge Base Article 2834692 update is not installed
12388| [83882] Microsoft Windows Knowledge Base Article 2834695 update is not installed
12389| [83880] Microsoft Windows Knowledge Base Article 2836440 update is not installed
12390| [83876] Microsoft Windows Knowledge Base Article 2840221 update is not installed
12391| [83192] Microsoft Windows Knowledge Base Article 2817183 update is not installed
12392| [83100] Microsoft Windows Knowledge Base Article 2830914 update is not installed
12393| [83098] Microsoft Windows Knowledge Base Article 2829996 update is not installed
12394| [83093] Microsoft Windows Knowledge Base Article 2828223 update is not installed
12395| [83091] Microsoft Windows Knowledge Base Article 2813170 update is not installed
12396| [83088] Microsoft Windows Knowledge Base Article 2827663 update is not installed
12397| [83086] Microsoft Windows Knowledge Base Article 2823482 update is not installed
12398| [83084] Microsoft Windows Knowledge Base Article 2821818 update is not installed
12399| [83082] Microsoft Windows Knowledge Base Article 2820917 update is not installed
12400| [82600] Microsoft Windows Knowledge Base Article 2813707 update is not installed
12401| [82424] Microsoft Windows Knowledge Base Article 2814124 update is not installed
12402| [82422] Microsoft Windows Knowledge Base Article 2780176 update is not installed
12403| [82401] Microsoft Windows Knowledge Base Article 2813682 update is not installed
12404| [82399] Microsoft Windows Knowledge Base Article 2816264 update is not installed
12405| [81683] Microsoft Windows Knowledge Base Article 2780091 update is not installed
12406| [81681] Microsoft Windows Knowledge Base Article 2784242 update is not installed
12407| [81680] Microsoft Windows Knowledge Base Article 2790113 update is not installed
12408| [81678] Microsoft Windows Knowledge Base Article 2790655 update is not installed
12409| [81676] Microsoft Windows Knowledge Base Article 2790978 update is not installed
12410| [81674] Microsoft Windows Knowledge Base Article 2797052 update is not installed
12411| [81672] Microsoft Windows Knowledge Base Article 2799494 update is not installed
12412| [81666] Microsoft Windows Knowledge Base Article 2778344 update is not installed
12413| [81634] Microsoft Windows Knowledge Base Article 2792100 update is not installed
12414| [81339] Microsoft Windows Knowledge Base Article 2799329 update is not installed
12415| [80875] Microsoft Windows Knowledge Base Article 2756145 update is not installed
12416| [80872] Microsoft Windows Knowledge Base Article 2769324 update is not installed
12417| [80867] Microsoft Windows Knowledge Base Article 2769327 update is not installed
12418| [80865] Microsoft Windows Knowledge Base Article 2769369 update is not installed
12419| [80863] Microsoft Windows Knowledge Base Article 2778930 update is not installed
12420| [80861] Microsoft Windows Knowledge Base Article 2785220 update is not installed
12421| [80365] Microsoft Windows Knowledge Base Article 2761465 update is not installed
12422| [80360] Microsoft Windows Knowledge Base Article 2765809 update is not installed
12423| [80358] Microsoft Windows Knowledge Base Article 2770660 update is not installed
12424| [80356] Microsoft Windows Knowledge Base Article 2780642 update is not installed
12425| [80352] Microsoft Windows Knowledge Base Article 2783534 update is not installed
12426| [80349] Microsoft Windows Knowledge Base Article 2784126 update is not installed
12427| [79693] Microsoft Windows Knowledge Base Article 2745030 update is not installed
12428| [79687] Microsoft Windows Knowledge Base Article 2761451 update is not installed
12429| [79683] Microsoft Windows Knowledge Base Article 2761226 update is not installed
12430| [79679] Microsoft Windows Knowledge Base Article 2758857 update is not installed
12431| [79677] Microsoft Windows Knowledge Base Article 2727528 update is not installed
12432| [78864] Microsoft Windows Knowledge Base Article 2754670 update is not installed
12433| [78862] Microsoft Windows Knowledge Base Article 2743555 update is not installed
12434| [78858] Microsoft Windows Knowledge Base Article 2754849 update is not installed
12435| [78856] Microsoft Windows Knowledge Base Article 2724197 update is not installed
12436| [78853] Microsoft Windows Knowledge Base Article 2741517 update is not installed
12437| [78851] Microsoft Windows Knowledge Base Article 2742319 update is not installed
12438| [78848] Microsoft Windows Knowledge Base Article 2742321 update is not installed
12439| [78760] Microsoft Windows Knowledge Base Article 2744842 update is not installed
12440| [78077] Microsoft Windows Knowledge Base Article 2741528 update is not installed
12441| [78075] Microsoft Windows Knowledge Base Article 2720184 update is not installed
12442| [78071] Microsoft Windows Knowledge Base Article 2748552 update is not installed
12443| [77512] Microsoft Windows Knowledge Base Article 2740358 update is not installed
12444| [77362] Microsoft Windows Knowledge Base Article 2733918 update is not installed
12445| [77360] Microsoft Windows Knowledge Base Article 2733829 update is not installed
12446| [77357] Microsoft Windows Knowledge Base Article 2733594 update is not installed
12447| [77352] Microsoft Windows Knowledge Base Article 2731879 update is not installed
12448| [77350] Microsoft Windows Knowledge Base Article 2731847 update is not installed
12449| [77348] Microsoft Windows Knowledge Base Article 2723135 update is not installed
12450| [77346] Microsoft Windows Knowledge Base Article 2722913 update is not installed
12451| [77342] Microsoft Windows Knowledge Base Article 2720573 update is not installed
12452| [77325] Microsoft Windows Knowledge Base Article 2719584 update is not installed
12453| [76808] Microsoft Windows Knowledge Base Article 2721015 update is not installed
12454| [76725] Microsoft Windows Knowledge Base Article 2722479 update is not installed
12455| [76724] Microsoft Windows Knowledge Base Article 2719177 update is not installed
12456| [76721] Microsoft Windows Knowledge Base Article 2718523 update is not installed
12457| [76718] Microsoft Windows Knowledge Base Article 2698365 update is not installed
12458| [76711] Microsoft Windows Knowledge Base Article 2695502 update is not installed
12459| [76704] Microsoft Windows Knowledge Base Article 2691442 update is not installed
12460| [76702] Microsoft Windows Knowledge Base Article 2655992 update is not installed
12461| [75963] Microsoft Windows Knowledge Base Article 2699988 update is not installed
12462| [75939] Microsoft Windows Knowledge Base Article 2685939 update is not installed
12463| [75928] Microsoft Windows Knowledge Base Article 2711167 update is not installed
12464| [75136] Microsoft Windows Knowledge Base Article 2693777 update is not installed
12465| [75132] Microsoft Windows Knowledge Base Article 2690533 update is not installed
12466| [75130] Microsoft Windows Knowledge Base Article 2688338 update is not installed
12467| [75127] Microsoft Windows Knowledge Base Article 2681578 update is not installed
12468| [75123] Microsoft Windows Knowledge Base Article 2680352 update is not installed
12469| [75116] Microsoft Windows Knowledge Base Article 2597981 update is not installed
12470| [74556] Microsoft Windows Knowledge Base Article 2639185 update is not installed
12471| [74384] Microsoft Windows Knowledge Base Article 2675157 update is not installed
12472| [74378] Microsoft Windows Knowledge Base Article 2671605 update is not installed
12473| [74373] Microsoft Windows Knowledge Base Article 2664258 update is not installed
12474| [74369] Microsoft Windows Knowledge Base Article 2663860 update is not installed
12475| [73543] Microsoft Windows Knowledge Base Article 2671387 update is not installed
12476| [73540] Microsoft Windows Knowledge Base Article 2665364 update is not installed
12477| [73538] Microsoft Windows Knowledge Base Article 2651019 update is not installed
12478| [73536] Microsoft Windows Knowledge Base Article 2651018 update is not installed
12479| [73533] Microsoft Windows Knowledge Base Article 2647170 update is not installed
12480| [73530] Microsoft Windows Knowledge Base Article 2641653 update is not installed
12481| [72887] Microsoft Windows Knowledge Base Article 2663841 update is not installed
12482| [72873] Microsoft Windows Knowledge Base Article 2663830 update is not installed
12483| [72867] Microsoft Windows Knowledge Base Article 2663510 update is not installed
12484| [72857] Microsoft Windows Knowledge Base Article 2661637 update is not installed
12485| [72855] Microsoft Windows Knowledge Base Article 2660465 update is not installed
12486| [72853] Microsoft Windows Knowledge Base Article 2653956 update is not installed
12487| [72851] Microsoft Windows Knowledge Base Article 2654428 update is not installed
12488| [72849] Microsoft Windows Knowledge Base Article 2651026 update is not installed
12489| [72846] Microsoft Windows Knowledge Base Article 2647516 update is not installed
12490| [72841] Microsoft Windows Knowledge Base Article 2645640 update is not installed
12491| [72838] Microsoft Windows Knowledge Base Article 2643719 update is not installed
12492| [72029] Microsoft Windows Knowledge Base Article 2638420 update is not installed
12493| [72003] Microsoft Windows Knowledge Base Article 2646524 update is not installed
12494| [71998] Microsoft Windows Knowledge Base Article 2644615 update is not installed
12495| [71995] Microsoft Windows Knowledge Base Article 2643584 update is not installed
12496| [71994] Microsoft Windows Knowledge Base Article 2636391 update is not installed
12497| [71565] Microsoft Windows Knowledge Base Article 2648048 update is not installed
12498| [71562] Microsoft Windows Knowledge Base Article 2640241 update is not installed
12499| [71560] Microsoft Windows Knowledge Base Article 2640045 update is not installed
12500| [71558] Microsoft Windows Knowledge Base Article 2639417 update is not installed
12501| [71557] Microsoft Windows Knowledge Base Article 2639142 update is not installed
12502| [71554] Microsoft Windows Knowledge Base Article 2633171 update is not installed
12503| [71552] Microsoft Windows Knowledge Base Article 2624667 update is not installed
12504| [71550] Microsoft Windows Knowledge Base Article 2620712 update is not installed
12505| [71548] Microsoft Windows Knowledge Base Article 2618451 update is not installed
12506| [71546] Microsoft Windows Knowledge Base Article 2618444 update is not installed
12507| [71538] Microsoft Windows Knowledge Base Article 2590602 update is not installed
12508| [70951] Microsoft Windows Knowledge Base Article 2630837 update is not installed
12509| [70949] Microsoft Windows Knowledge Base Article 2620704 update is not installed
12510| [70947] Microsoft Windows Knowledge Base Article 2617657 update is not installed
12511| [70943] Microsoft Windows Knowledge Base Article 2588516 update is not installed
12512| [70152] Microsoft Windows Knowledge Base Article 2623699 update is not installed
12513| [70140] Microsoft Windows Knowledge Base Article 2652016 update is not installed
12514| [70130] Microsoft Windows Knowledge Base Article 2586448 update is not installed
12515| [70115] Microsoft Windows Knowledge Base Article 2567053 update is not installed
12516| [69501] Microsoft Windows Knowledge Base Article 2587634 update is not installed
12517| [69498] Microsoft Windows Knowledge Base Article 2587505 update is not installed
12518| [69492] Microsoft Windows Knowledge Base Article 2571621 update is not installed
12519| [69490] Microsoft Windows Knowledge Base Article 2570947 update is not installed
12520| [68840] Microsoft Windows Knowledge Base Article 2451858 update is not installed
12521| [68833] Microsoft Windows Knowledge Base Article 2567943 update is not installed
12522| [68831] Microsoft Windows Knowledge Base Article 2570222 update is not installed
12523| [68829] Microsoft Windows Knowledge Base Article 2567951 update is not installed
12524| [68827] Microsoft Windows Knowledge Base Article 2578230 update is not installed
12525| [68825] Microsoft Windows Knowledge Base Article 2546250 update is not installed
12526| [68823] Microsoft Windows Knowledge Base Article 2559049 update is not installed
12527| [68816] Microsoft Windows Knowledge Base Article 2556532 update is not installed
12528| [68814] Microsoft Windows Knowledge Base Article 2560656 update is not installed
12529| [68812] Microsoft Windows Knowledge Base Article 2560978 update is not installed
12530| [68809] Microsoft Windows Knowledge Base Article 2562485 update is not installed
12531| [68806] Microsoft Windows Knowledge Base Article 2566454 update is not installed
12532| [68804] Microsoft Windows Knowledge Base Article 2563894 update is not installed
12533| [68801] Microsoft Windows Knowledge Base Article 2567680 update is not installed
12534| [68315] Microsoft Windows Knowledge Base Article 2555917 update is not installed
12535| [68299] Microsoft Windows Knowledge Base Article 2566220 update is not installed
12536| [68283] Microsoft Windows Knowledge Base Article 2560847 update is not installed
12537| [67955] Microsoft Windows Knowledge Base Article 2530548 update is not installed
12538| [67943] Microsoft Windows Knowledge Base Article 2544521 update is not installed
12539| [67762] Microsoft Windows Knowledge Base Article 2543893 update is not installed
12540| [67759] Microsoft Windows Knowledge Base Article 2544893 update is not installed
12541| [67757] Microsoft Windows Knowledge Base Article 2476490 update is not installed
12542| [67753] Microsoft Windows Knowledge Base Article 2514842 update is not installed
12543| [67751] Microsoft Windows Knowledge Base Article 2518295 update is not installed
12544| [67737] Microsoft Windows Knowledge Base Article 2520426 update is not installed
12545| [67733] Microsoft Windows Knowledge Base Article 2525694 update is not installed
12546| [67731] Microsoft Windows Knowledge Base Article 2525835 update is not installed
12547| [67728] Microsoft Windows Knowledge Base Article 2535512 update is not installed
12548| [67725] Microsoft Windows Knowledge Base Article 2536275 update is not installed
12549| [67722] Microsoft Windows Knowledge Base Article 2536276 update is not installed
12550| [67718] Microsoft Windows Knowledge Base Article 2537146 update is not installed
12551| [67709] Microsoft Windows Knowledge Base Article 2538814 update is not installed
12552| [67302] Microsoft Windows Knowledge Base Article 2545814 update is not installed
12553| [67101] Microsoft Windows Knowledge Base Article 2524426 update is not installed
12554| [66446] Microsoft Windows Knowledge Base Article 2514666 update is not installed
12555| [66444] Microsoft Windows Knowledge Base Article 2511455 update is not installed
12556| [66436] Microsoft Windows Knowledge Base Article 2497640 update is not installed
12557| [66432] Microsoft Windows Knowledge Base Article 2527308 update is not installed
12558| [66428] Microsoft Windows Knowledge Base Article 2489979 update is not installed
12559| [66423] Microsoft Windows kernel-mode driver (win32k.sys) variant 29 privilege escalation
12560| [66422] Microsoft Windows kernel-mode driver (win32k.sys) variant 28 privilege escalation
12561| [66421] Microsoft Windows kernel-mode driver (win32k.sys) variant 27 privilege escalation
12562| [66420] Microsoft Windows kernel-mode driver (win32k.sys) variant 26 privilege escalation
12563| [66419] Microsoft Windows kernel-mode driver (win32k.sys) variant 25 privilege escalation
12564| [66418] Microsoft Windows kernel-mode driver (win32k.sys) variant 24 privilege escalation
12565| [66417] Microsoft Windows kernel-mode driver (win32k.sys) variant 23 privilege escalation
12566| [66416] Microsoft Windows kernel-mode driver (win32k.sys) variant 22 privilege escalation
12567| [66415] Microsoft Windows kernel-mode driver (win32k.sys) variant 21 privilege escalation
12568| [66414] Microsoft Windows kernel-mode driver (win32k.sys) variant 20 privilege escalation
12569| [66396] Microsoft Windows kernel-mode driver (win32k.sys) variant 2 privilege escalation
12570| [66394] Microsoft Windows Knowledge Base Article 2485663 update is not installed
12571| [65588] Microsoft Windows Knowledge Base Article 2489279 update is not installed
12572| [65581] Microsoft Windows Knowledge Base Article 2510030 update is not installed
12573| [65580] Microsoft Windows Knowledge Base Article 2489283 update is not installed
12574| [65575] Microsoft Windows Knowledge Base Article 2489293 update is not installed
12575| [65573] Microsoft Windows Knowledge Base Article 2494047 update is not installed
12576| [64973] Microsoft Windows Knowledge Base Article 2478960 update is not installed
12577| [64971] Microsoft Windows Knowledge Base Article 2479628 update is not installed
12578| [64927] Microsoft Windows Knowledge Base Article 2393802 update is not installed
12579| [64925] Microsoft Windows Knowledge Base Article 2451879 update is not installed
12580| [64920] Microsoft Windows Knowledge Base Article 2475792 update is not installed
12581| [64918] Microsoft Windows Knowledge Base Article 2476687 update is not installed
12582| [64916] Microsoft Windows Knowledge Base Article 2478953 update is not installed
12583| [64914] Microsoft Windows Knowledge Base Article 2482017 update is not installed
12584| [64910] Microsoft Windows Knowledge Base Article 2483185 update is not installed
12585| [64909] Microsoft Windows Knowledge Base Article 2484015 update is not installed
12586| [64907] Microsoft Windows Knowledge Base Article 2485376 update is not installed
12587| [64905] Microsoft Windows Knowledge Base Article 2489256 update is not installed
12588| [64902] Microsoft Windows Knowledge Base Article 2496930 update is not installed
12589| [64342] Microsoft Windows Knowledge Base Article 2451910 update is not installed
12590| [64339] Microsoft Windows Knowledge Base Article 2478935 update is not installed
12591| [63584] Microsoft Windows Knowledge Base Article 2424434 update is not installed
12592| [63582] Microsoft Windows Knowledge Base Article 2423089 update is not installed
12593| [63580] Microsoft Windows Knowledge Base Article 2436673 update is not installed
12594| [63571] Microsoft Windows Knowledge Base Article 2440591 update is not installed
12595| [63569] Microsoft Windows Knowledge Base Article 2385678 update is not installed
12596| [63566] Microsoft Windows Knowledge Base Article 2442962 update is not installed
12597| [63564] Microsoft Windows Knowledge Base Article 2345316 update is not installed
12598| [63562] Microsoft Windows Knowledge Base Article 2296199 update is not installed
12599| [63558] Microsoft Windows Knowledge Base Article 2416400 update is not installed
12600| [63550] Microsoft Windows Knowledge Base Article 2447961 update is not installed
12601| [63548] Microsoft Windows Knowledge Base Article 2443105 update is not installed
12602| [63546] Microsoft Windows Knowledge Base Article 2455005 update is not installed
12603| [63544] Microsoft Windows Knowledge Base Article 2292970 update is not installed
12604| [62805] Microsoft Windows Knowledge Base Article 2316074 update is not installed
12605| [62793] Microsoft Windows Knowledge Base Article 2293386 update is not installed
12606| [62789] Microsoft Windows Knowledge Base Article 2423930 update is not installed
12607| [62170] Microsoft Windows Knowledge Base Article 2296011 update is not installed
12608| [62166] Microsoft Windows Knowledge Base Article 2294255 update is not installed
12609| [62163] Microsoft Windows Knowledge Base Article 2281679 update is not installed
12610| [62154] Microsoft Windows Knowledge Base Article 2279986 update is not installed
12611| [62147] Microsoft Windows Knowledge Base Article 2160841 update is not installed
12612| [62134] Microsoft Windows Knowledge Base Article 2412048 update is not installed
12613| [62129] Microsoft Windows Knowledge Base Article 2387149 update is not installed
12614| [62126] Microsoft Windows Knowledge Base Article 2378111 update is not installed
12615| [62123] Microsoft Windows Knowledge Base Article 2360937 update is not installed
12616| [62118] Microsoft Windows Knowledge Base Article 2293211 update is not installed
12617| [62104] Microsoft Windows Knowledge Base Article 2360131 update is not installed
12618| [62098] Microsoft Windows Knowledge Base Article 2293194 update is not installed
12619| [62069] Microsoft Windows Knowledge Base Article 2418042 update is not installed
12620| [61519] Microsoft Windows Knowledge Base Article 2121546 update is not installed
12621| [61517] Microsoft Windows Knowledge Base Article 2259922 update is not installed
12622| [61514] Microsoft Windows Knowledge Base Article 2267960 update is not installed
12623| [61510] Microsoft Windows Knowledge Base Article 2315011 update is not installed
12624| [61507] Microsoft Windows Knowledge Base Article 2320113 update is not installed
12625| [61504] Microsoft Windows Knowledge Base Article 2347290 update is not installed
12626| [60736] Microsoft Windows Knowledge Base Article 2265906 update is not installed
12627| [60734] Microsoft Windows Knowledge Base Article 2269638 update is not installed
12628| [60728] Microsoft Windows Knowledge Base Article 2269707 update is not installed
12629| [60724] Microsoft Windows Knowledge Base Article 2286198 update is not installed
12630| [60713] Microsoft Windows Knowledge Base Article 2183461 update is not installed
12631| [60698] Microsoft Windows Knowledge Base Article 2160329 update is not installed
12632| [60686] Microsoft Windows Knowledge Base Article 2115168 update is not installed
12633| [60684] Microsoft Windows Knowledge Base Article 2079403 update is not installed
12634| [60680] Microsoft Windows Knowledge Base Article 2264072 update is not installed
12635| [59901] Microsoft Windows Knowledge Base Article 2229593 update is not installed
12636| [59898] Microsoft Windows Knowledge Base Article 2229593 update is not installed
12637| [58913] Microsoft Windows Knowledge Base Article 2027452 update is not installed
12638| [58891] Microsoft Windows Knowledge Base Article 2028554 update is not installed
12639| [17004] Microsoft Windows XP Service Pack 2 is not installed on the system
12640| [9187] Microsoft Passport SDK 2.1 Component Configuration Document (CCD) permission
12641| [9146] Microsoft Passport SDK 2.1 events reporting disabled
12642| [9068] Microsoft Passport SDK 2.1 registry default permission exposure
12643| [9067] Microsoft Passport SDK 2.1 default test site exposure
12644| [9066] Microsoft Passport SDK 2.1 Adventure Works Sample Site exposure
12645| [9065] Microsoft Passport SDK 2.1 Adventure Works Sample Site global.asa file default permission exposure
12646| [9064] Microsoft Passport SDK 2.1 default time window exposure
12647| [1271] Microsoft IIS version 2 installed
12648| [621] Microsoft IIS 3.0 script source revealed by appending 2E to requests
12649|
12650| Exploit-DB - https://www.exploit-db.com:
12651| [30756] Microsoft Forms 2.0 ActiveX Control 2.0 Memory Access Violation Denial of Service Vulnerabilities
12652| [30749] Microsoft Office 2003 Web Component Memory Access Violation Denial of Service Vulnerability
12653| [30636] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (2)
12654| [30635] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (1)
12655| [30281] Microsoft .Net Framework <= 2.0 - Multiple Null Byte Injection Vulnerabilities
12656| [29664] Microsoft Office Publisher 2007 - Remote Denial of Service (DoS) Vulnerability
12657| [29660] Microsoft Office 2003 - Denial of Service (DoS) Vulnerability
12658| [29630] Microsoft Windows 2003/XP ReadDirectoryChangesW Information Disclosure Vulnerability
12659| [29524] Microsoft Word 2000 - Malformed Function Code Execution Vulnerability
12660| [28420] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
12661| [28357] Microsoft Windows Explorer 2000/2003/XP Drag and Drop Remote Code Execution Vulnerability
12662| [28227] Microsoft Windows 2000/XP Registry Access Local Denial of Service Vulnerability
12663| [28226] Microsoft PowerPoint 2003 PPT File Closure Memory Corruption
12664| [28225] Microsoft PowerPoint 2003 powerpnt.exe Unspecified Issue
12665| [28224] Microsoft PowerPoint 2003 mso.dll PPT Processing Unspecified Code Execution
12666| [28198] Microsoft Office 2000/2002 Property Code Execution Vulnerability
12667| [28189] Microsoft Excel 2000-2004 Style Handling and Repair Remote Code Execution Vulnerability
12668| [28087] Microsoft Office 2003 Embedded Shockwave Flash Object Security Bypass Weakness
12669| [28005] Microsoft Exchange Server 2000/2003 Outlook Web Access Script Injection Vulnerability
12670| [26690] Microsoft Windows 2000/2003/XP CreateRemoteThread Local Denial of Service Vulnerability
12671| [26517] Microsoft Office PowerPoint 2007 - Crash PoC
12672| [26341] Microsoft Windows 2000/2003/XP MSDTC TIP Denial of Service Vulnerability
12673| [26222] Microsoft Windows 2000/2003/XP Keyboard Event Privilege Escalation Weakness
12674| [25384] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (2)
12675| [25383] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (1)
12676| [25231] Microsoft Windows 2000/2003/XP Graphical Device Interface Library Denial of Service Vulnerability
12677| [25085] Microsoft Office XP 2000/2002 HTML Link Processing Remote Buffer Overflow Vulnerability
12678| [25084] Microsoft Outlook 2003 Web Access Login Form Remote URI Redirection Vulnerability
12679| [25050] Microsoft Windows 2000/2003/XP winhlp32 Phrase Heap Overflow Vulnerability
12680| [25049] Microsoft Windows 2000/2003/XP winhlp32 Phrase Integer Overflow Vulnerability
12681| [24686] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
12682| [24277] Microsoft Windows 2000/NT 4 POSIX Subsystem Buffer Overflow Local Privilege Escalation Vulnerability
12683| [24114] Microsoft Outlook 2003Mail Client E-mail Address Verification Weakness
12684| [24101] Microsoft Outlook 2003 Predictable File Location Weakness
12685| [23989] Microsoft Windows 2000/NT 4 Local Descriptor Table Local Privilege Escalation Vulnerability
12686| [23796] Microsoft Outlook 2002 Mailto Parameter Quoting Zone Bypass Vulnerability
12687| [23019] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
12688| [22919] Microsoft ISA Server 2000 Cross-Site Scripting Vulnerabilities
12689| [22883] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (2)
12690| [22882] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (1)
12691| [22837] Microsoft Windows 2000/NT 4 Media Services NSIISlog.DLL Remote Buffer Overflow
12692| [22782] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
12693| [22591] Microsoft Office Excel 2007 - WriteAV Crash PoC
12694| [22555] Microsoft BizTalk Server 2000/2002 DTA RawCustomSearchField.asp SQL Injection
12695| [22554] Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability
12696| [22553] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
12697| [22528] Microsoft Windows 2000 RegEdit.EXE Registry Key Value Buffer Overflow Vulnerability
12698| [22354] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
12699| [21920] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
12700| [21718] Microsoft SQL 2000/7.0 Agent Jobs Privilege Elevation Vulnerability
12701| [21693] Microsoft SQL Server 2000 User Authentication Remote Buffer Overflow Vulnerability
12702| [21652] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
12703| [21651] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
12704| [21650] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
12705| [21549] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
12706| [21541] Microsoft SQL Server 2000 SQLXML Script Injection Vulnerability
12707| [21540] Microsoft SQL Server 2000 SQLXML Buffer Overflow Vulnerability
12708| [21389] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (2)
12709| [21388] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (1)
12710| [21344] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
12711| [21258] Microsoft Windows 2000/NT 4 NTFS File Hiding Vulnerability
12712| [21246] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (2)
12713| [21245] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (1)
12714| [21172] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (2)
12715| [21171] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (1)
12716| [21131] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
12717| [21123] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
12718| [21113] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
12719| [21099] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
12720| [21069] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
12721| [20907] Microsoft Windows 2000 Telnet Username DoS Vulnerability
12722| [20802] Microsoft IIS 2.0/3.0 Long URL Denial of Service Vulnerability
12723| [20763] Microsoft ISA Server 2000 Web Proxy DoS Vulnerability
12724| [20571] Microsoft Outlook 2000 0/98 0/Express 5.5 Concealed Attachment Vulnerability
12725| [20481] Microsoft IIS 2.0/3.0 Appended Dot Script Source Disclosure Vulnerability
12726| [20399] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
12727| [20335] Microsoft Indexing Services for Windows 2000/NT 4.0 .htw Cross-Site Scripting Vulnerability
12728| [20305] Microsoft Site Server 2.0 with IIS 4.0 - File Upload Vulnerability
12729| [20265] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
12730| [20257] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
12731| [20255] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
12732| [20222] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
12733| [20209] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
12734| [20133] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
12735| [20122] Microsoft Office SharePoint Server 2007 Remote Code Execution
12736| [20096] Microsoft IIS 2.0/3.0/4.0/5.0/5.1 Internal IP Address Disclosure Vulnerability
12737| [20048] Microsoft Windows 2000 Remote CPU-overload Vulnerability
12738| [20047] Microsoft Windows 2000 Telnet Server DoS Vulnerability
12739| [19830] Microsoft Index Server 2.0 '%20' ASP Source Disclosure Vulnerability
12740| [19742] microsoft iis 3.0/4.0,microsoft index server 2.0 - Directory Traversal
12741| [19734] Microsoft Virtual Machine 2000 Series/3000 Series getSystemResource Vulnerability
12742| [19731] microsoft index server 2.0/indexing services for windows 2000 - Directory Traversal
12743| [19728] Microsoft Systems Management Server 2.0 Default Permissions Vulnerability
12744| [19425] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (2)
12745| [19424] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (1)
12746| [19376] Microsoft IIS 2.0/3.0/4.0 ISAPI GetExtensionVersion() Vulnerability
12747| [19143] "Microsoft Windows ""April Fools 2001"" Vulnerability"
12748| [19118] Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability
12749| [18334] Microsoft Office 2003 Home/Pro 0day
12750| [18087] MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
12751| [18078] Microsoft Excel 2003 11.8335.8333 Use After Free
12752| [18067] Microsoft Excel 2007 SP2 Buffer Overwrite Exploit
12753| [17305] "Microsoft Windows Vista/Server 2008 ""nsiproxy.sys"" Local Kernel DoS Exploit"
12754| [14971] MOAUB #11 - Microsoft Office Word 2007 sprmCMajority Buffer Overflow
12755| [14782] Microsoft Office PowerPoint 2007 DLL Hijacking Exploit (rpawinet.dll)
12756| [14746] Microsoft Office Groove 2007 DLL Hijacking Exploit (mso.dll)
12757| [14744] Microsoft Visio 2003 DLL Hijacking Exploit (mfc71enu.dll)
12758| [12450] Microsoft SharePoint Server 2007 XSS Vulnerability
12759| [10068] Microsoft Windows 2000-2008 Embedded OpenType Font Engine Remote Code Execution
12760| [4121] Microsoft Excel 2000/2003 Sheet Name Vulnerability PoC
12761| [3973] Microsoft Office 2000 (OUACTRL.OCX 1.0.1.9) - Remote DoS Exploit
12762| [3690] microsoft office word 2007 - Multiple Vulnerabilities
12763| [3260] Microsoft Word 2000 Unspecified Code Execution Exploit (0day)
12764| [2523] Microsoft Office 2003 PPT Local Buffer Overflow PoC
12765| [2091] Microsoft PowerPoint 2003 SP2 Local Code Execution Exploit (french)
12766| [2001] Microsoft Word 2000/2003 Unchecked Boundary Condition Vulnerability
12767| [1999] Microsoft Word 2000/2003 Hlink Local Buffer Overflow Exploit PoC
12768| [1988] Microsoft Excel 2003 Hlink Local Buffer Overflow Exploit (italian)
12769| [1986] Microsoft Excel 2000/2003 Hlink Local Buffer Overflow Exploit (french)
12770| [1958] Microsoft Excel 2003 Hlink Stack/SEH Buffer Overflow Exploit
12771| [28238] Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Vulnerability MS13-067
12772| [23034] Microsoft URLScan 2.5/ RSA Security SecurID 5.0 Configuration Enumeration Weakness
12773| [22850] Microsoft Office OneNote 2010 Crash PoC
12774| [22679] Microsoft Visio 2010 Crash PoC
12775| [22655] Microsoft Publisher 2013 Crash PoC
12776| [22621] Microsoft Netmeeting 2.1/3.0.1 4.4.3385 CALLTO URL Buffer Overflow Vulnerability
12777| [22330] Microsoft Office Excel 2010 Crash PoC
12778| [22310] Microsoft Office Publisher 2010 Crash PoC
12779| [22237] Microsoft Office Picture Manager 2010 Crash PoC
12780| [22215] Microsoft Office Word 2010 Crash PoC
12781| [19451] Microsoft Windows 98 a/98 b/98SE,Solaris 2.6 IRDP Vulnerability
12782| [19440] Microsoft Windows NT 4.0/SP 1/SP 2/Sp 3/SP 4/SP 5 Malformed Dialer Entry Vulnerability
12783| [19372] Microsoft Windows NT 4.0/SP 1/SP 2/SP 3/SP 4/SP 5 Null Session Admin Name Vulnerability
12784| [17164] Microsoft Reader <= 2.1.1.3143 NULL Byte Write
12785| [17163] Microsoft Reader <= 2.1.1.3143 Array Overflow
12786| [17162] Microsoft Reader <= 2.1.1.3143 Integer Overflow
12787| [17161] Microsoft Reader <= 2.1.1.3143 Heap Overflow
12788| [17160] Microsoft Reader <= 2.1.1.3143 Integer Overflow
12789| [14731] Microsoft Windows Movie Maker <= 2.6.4038.0 DLL Hijacking Exploit (hhctrl.ocx)
12790| [14723] Microsoft Power Point 2010 DLL Hijacking Exploit (pptimpconv.dll)
12791|
12792| OpenVAS (Nessus) - http://www.openvas.org:
12793| [902250] Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability
12794| [900125] Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability
12795| [801597] Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
12796| [801596] Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
12797| [801594] Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
12798| [800687] Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability
12799| [800577] Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
12800| [800343] Microsoft Word 2007 Sensitive Information Disclosure Vulnerability
12801| [103254] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
12802| [11992] Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
12803| [902931] Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
12804| [902678] Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
12805| [901210] Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)
12806|
12807| SecurityTracker - https://www.securitytracker.com:
12808| [1015347] Microsoft Windows 2000 Kernel APC Queue Bug Lets Local Users Gain Elevated Privileges
12809| [1013454] Microsoft Office InfoPath 2003 May Disclose System and Authentication Information to Remote Users
12810| [1013284] Microsoft Windows 2000 and XP Group Policy Can Be Bypassed By Microsoft Office Applications and By Flash Drives
12811| [1010687] Microsoft Windows 2000/NT POSIX Subsystem Buffer Overflow Lets Local Users Gain Elevated Privileges
12812| [1010352] Microsoft Windows 2000 Domains With Eight Characters May Let Remote Users With Expired Passwords Login
12813| [1010189] Microsoft Outlook 2003 Scripting Restrictions Can Be Bypassed By Remote Users
12814| [1010125] Microsoft Outlook 2003 Lets Remote Users Send E-mail to Cause the Recipient's Client to Contact a Remote Server
12815| [1009767] Microsoft Windows 2000 Domain Controller LDAP Flaw May Let Remote Users Restart the Authentication Service
12816| [1008324] Microsoft Exchange 2003 With Outlook Web Access and Windows SharePoint Services May Grant Incorrect E-mail Account Access to Remote Authenticated Users
12817| [1007905] Microsoft Windows Server 2003 Shell Folders Can Be Referenced Using Directory Traversal Characters
12818| [1007238] Microsoft Outlook Web Access Can Be Crashed By Remote Authenticated Users With an Outlook 2003 Client
12819| [1007152] Microsoft Windows 2000 Accessibility Utility Manager Lets Local Users Gain Elevated Privileges
12820| [1007099] Microsoft Windows 2000 ShellExecute() Buffer Overflow May Let Users Execute Arbitrary Code
12821| [1007093] Microsoft Active Directory Stack Overflow in 'Lsaas.exe' Lets Remote Users Crash the Windows 2000 Server
12822| [1006959] Microsoft Windows Server 2003 Drivers May Leak Information From Memory Via Ethernet Packets Containing TCP Streams
12823| [1006580] Microsoft Windows 2003 'win2k.sys' Printing Bug Lets Users Crash the System
12824| [1006534] Microsoft Proxy Service in Proxy Server 2.0 Has Unspecified Flaw That Lets Remote Users Stop Traffic
12825| [1006286] Microsoft Windows 2000/XP PostMessage() API Flaw May Let Local Users Grab Passwords from Local Dialog Boxes
12826| [1006280] Protegrity Secure.Data for Microsoft SQL Server 2000 Contains Buffer Oveflows That Let Remote Users Execute Arbitrary Code
12827| [1005254] Microsoft NT, 2000, and XP Operating Systems May Execute a 16-bit Application Even When The File Has No Execute Permissions
12828| [1005068] Microsoft NTFS Filesystem in Windows NT and Windows 2000 Has Auditing Hole That Lets Local Users Access Files Without the File Access Being Audited
12829| [1004587] Microsoft SQL Server 2000 Buffer Overflow in OpenDataSource() Function May Let Remote Users Gain SYSTEM Privileges on the Server
12830| [1004528] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains an Input Validation Flaw in an XML SQL Tag That Allows Cross-Site Scripting Attacks
12831| [1004527] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains a Buffer Overflow That Lets Remote Users Take Full Control of the System
12832| [1004407] Microsoft Exchange 2000 Flaw in Processing a Certain Malformed SMTP Command Allows Remote Users to Deny Service to the Server
12833| [1004357] Microsoft Windows Debugging Facility for Windows NT4 and 2000 Has Authentication Hole That Lets Local Users Execute Arbitrary Code with SYSTEM Privileges
12834| [1004083] Microsoft Windows 2000 'microsoft-ds' Service Flaw Allows Remote Users to Create Denial of Service Conditions By Sending Malformed Packets
12835| [1004022] Microsoft Windows 2000 Group Policy Object Enforcement Can Be Circumvented if User License Limits are Exceeded
12836| [1003975] Microsoft Windows NT, 2000, and XP Kernel Buffer Overflow in Processing Multiple UNC Provider (MUP) Requests May Let Local Users Obtain System Level Privileges
12837| [1003949] Microsoft Windows 2000 DCOM Implementation Flaw May Disclose Memory Contents to Remote Users
12838| [1003816] Microsoft Windows 2000 Automatic Log Off Policy Fails to Expire Sessions in Progress
12839| [1003688] Microsoft Exchange Server 2000 Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
12840| [1003687] Microsoft Windows 2000 and Windows XP SMTP Service Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
12841| [1003634] Microsoft XML Core Services in SQL Server 2000 Lets Remote Scripts Access and Send Local Files
12842| [1003629] Microsoft Commerce Server 2000 AuthFilter Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server With LocalSystem Privileges to Gain Full Control of the Server
12843| [1003472] Microsoft Telnet Server for Windows 2000 and for Interix Has a Buffer Overflow That May Let Remote Users Execute Code on the Server with System Level Privileges
12844| [1003469] Microsoft Exchange 2000 Server Allows Remote Users to View and Possibly Modify Registry Settings
12845| [1003402] Microsoft Windows NT 4.0 and Windows 2000 Domain Controllers May Give Elevated Privileges to Remote Users Who Are Valid Administrators on Other Trusted Domains
12846| [1002922] Microsoft Windows 2000 Internet Key Exchange (IKE) Service Can Be Crashed By Remote Users
12847| [1002754] Terminal Services on Microsoft Windows 2000 and XP Allow Remote Users to Log Bogus IP Addresses Instead of the User's Genuine Address
12848| [1002731] Microsoft Windows 2000 RunAs Service May Disclose Authentication Credentials to Local Users
12849| [1002730] Microsoft Windows 2000 RunAs Utility May Disclose Sensitive Information to Local Users
12850| [1002729] Microsoft Windows 2000 RunAs Service Allows Local Users to Disable the Service
12851| [1002356] Microsoft Outlook 2000 Animated Assistant Prevents the Screen Saver from Activating, Allowing Physically Local Users to Access the System
12852| [1002206] Microsoft Internet Security and Acceleration (ISA) Server 2000 Can Be Disrupted By Remote Users Due to Memory Leaks and Also Allows Cross-Site Scripting Attacks
12853| [1002106] Microsoft Windows 2000 and Windows NT 4.0 RPC Input Validation Failure Lets Remote Users Destabilize the Operating System
12854| [1002099] Microsoft Windows 2000 Telnet Service Can Be Crashed By Remote Users
12855| [1002098] Windows Terminal Services in Microsoft Windows 2000 and NT 4.0 Can Be Crashed By Remote Users Due to a Memory Leak
12856| [1001993] Microsoft Windows 2000, Linux 2.4, NetBSD, FreeBSD, and OpenBSD May Let Remote Users Affect TCP Performance
12857| [1001931] Microsoft Windows 2000 SMTP Service May Allow Unauthorized Remote Users to Relay E-mail via the Service
12858| [1001832] Microsoft Windows 2000 LDAP Server Lets Remote Users Gain Administrator Access to the Domain Controller When Configured to Support LDAP over SSL
12859| [1001701] Microsoft Windows 2000 Telnet Server Allows Local Users to Gain System-Level Privileges and Lets Remote Users Crash the Server
12860| [1001605] Microsoft Windows 2000 Allows Local Users to Elevate Privileges
12861| [1001565] Microsoft IIS Web Server on Windows 2000 Allows Remote Users to Cause the Server to Consume All Available Memory Due to Memory Leak in WebDAV Lock Method
12862| [1001513] Microsoft Windows 2000 Indexing Service Allows Remote Users to View Include Programming Files
12863| [1001501] Microsoft Windows 2000 Domain Controllers Can Be Effectively Halted By Remote Users
12864| [1001464] Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server
12865| [1001240] Microsoft FTP Client for Windows 2000 Still Vulnerable to Executing Arbitrary Code in Limited Situations
12866| [1001088] Microsoft Internet Explorer with Services for Unix 2.0 Can Create Malicious Files on the User's Host
12867|
12868| OSVDB - http://www.osvdb.org:
12869| [90257] Microsoft Windows Server 2003 ICACLS.EXE Permission Inheritance Weakness
12870| [86790] Microsoft Virtual PC 2007 Crafted x86 Instruction Sequence Handling Local DoS
12871| [86061] Microsoft Windows Server 2008 R1 CSRSS ReadConsole / CloseHandle Local DoS
12872| [79442] Microsoft Windows Server 2008 DNS Server Service Cache Update Policy Deleted Domain Name Resolving Weakness
12873| [72670] Microsoft Windows Server 2003 ActiveDirectory BROWSER ELECTION Remote Overflow
12874| [68554] Microsoft Windows Server 2008 Shared Cluster Disks Addition Default Permission Weakness
12875| [62251] Microsoft Windows Server 2008 Hyper-V Crafted Instruction Sequence DoS
12876| [60329] Microsoft Windows 2000 NetBIOS Continuation Packet Remote DoS
12877| [59733] Microsoft Windows 2000 Terminal Services Screensaver Screen Minimization Locking Weakness
12878| [59731] Microsoft Windows 2000 DCOM Client Alter Context Request Remote Information Disclosure
12879| [59730] Microsoft Windows 2000 Terminal Services Disconnect Feature Local Privilege Escalation
12880| [59514] Microsoft Windows 2000 Task Manager Uppercase Process Name Termination Weakness
12881| [59509] Microsoft Windows 2000 Encrypted File System Cleartext Backup File Local Disclosure
12882| [59346] Microsoft Windows 2000 Crafted TCP/UDP Traffic CPU Consumption Remote DoS
12883| [55836] Microsoft ISA Server 2006 Radius OTP Security Bypass
12884| [53663] Microsoft Office Word 2000 WordPerfect 6.x Converter Document Handling Stack Corruption
12885| [50589] Microsoft SQL Server 2000 sp_replwritetovarbin() Stored Procedure Overflow
12886| [37629] Microsoft Windows 2000 RPC Authentication Unspecified Information Disclosure
12887| [37628] Microsoft Windows 2000 RPC Authentication Crafted Request Remote DoS
12888| [36034] Microsoft Office 2000 Controllo ActiveX (OUACTRL.OCX) HelpPopup Method Overflow
12889| [34489] Microsoft Office 2003 Malformed WMF File Handling DoS
12890| [34488] Microsoft Excel 2003 XLS Handling Corrupt Format DoS
12891| [31251] Microsoft Office 2003 Brazilian Portuguese Grammar Checker Arbitrary Code Execution
12892| [29529] Microsoft Windows 2000 creator.dll ActiveX COM Object Memory Corruption
12893| [29528] Microsoft Windows 2000 msdxm.ocx ActiveX COM Object Memory Corruption
12894| [29527] Microsoft Windows 2000 myinfo.dll ActiveX COM Object Memory Corruption
12895| [29526] Microsoft Windows 2000 ciodm.dll ActiveX COM Object Memory Corruption
12896| [28539] Microsoft Word 2000 Unspecified Code Execution
12897| [24121] Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass
12898| [24081] Microsoft Outlook 2003 Unspecified Malformed Word Attachment DoS
12899| [23484] Microsoft SQLServer 2000 sp_addalias Procedure Privileged Alias Creation
12900| [23234] Microsoft SQLServer 2000 Unspecified Invalid Client Buffer DoS
12901| [23231] Microsoft SQL Server 2000 SQL Profiler Multiple Method DoS
12902| [23205] Microsoft SQLServer 2000 Crafted Sort Command User Mode Scheduler (UMS) Bypass DoS
12903| [23203] Microsoft SQL Server 2000 Database Name Transact-SQL Statement Privilege Escalation
12904| [23202] Microsoft SQLServer 2000 sysmembers Virtual Table Query Overflow
12905| [23201] Microsoft SQL Server 2000 Dynamic Transact-SQL Statement Disclosure
12906| [23200] Microsoft SQLServer 2000 Encrypted Stored Procedure Dynamic Query Disclosure
12907| [21907] Microsoft Office InfoPath 2003 Mshtml.dll Form Handling DoS
12908| [21598] Microsoft Windows 2000 NetBIOS Port Malformed TCP Packet Parsing Remote DoS
12909| [20256] Microsoft Windows 2000 NTFS Volume Macintosh Client Directory Permission Modification
12910| [20222] Microsoft Windows 2000 runas.exe Named Pipe Spoofing Information Disclosure
12911| [20221] Microsoft Windows 2000 runas.exe Named Pipe Single Thread DoS
12912| [20220] Microsoft Windows 2000 runas.exe Cleartext Authentication Information Disclosure
12913| [20002] Microsoft Windows 2000 CHKDSK Fix Mode File ACL Failure
12914| [20001] Microsoft Windows 2000 Terminal Service Client Connection IP Logging Failure
12915| [20000] Microsoft Windows 2000 Domain Administrator Computer Lock Bypass
12916| [19999] Microsoft Windows 2000 FQDN Domain Login Password Expiry Bypass
12917| [19998] Microsoft Windows 2000 UPN Credentialed Login Group Policy Failure
12918| [19997] Microsoft Windows 2000 WideCharToMultiByte Function String Termination Issue
12919| [19996] Microsoft Windows 2000 Event ID 1704 Group Policy Failure
12920| [19995] Microsoft Windows 2000 SECEDIT Long Folder ACL Set Issue
12921| [19994] Microsoft Windows 2000 audit directory service access 565 Event Logging Failure
12922| [19993] Microsoft Windows 2000 LDAPS CA Trust Issue
12923| [19264] Microsoft Exchange Server 2003 Crafted IMAP4 Folder Listing Request DoS
12924| [17031] Microsoft ISA Server 2000 SecureNAT Traffic Saturation DoS
12925| [15343] Microsoft Windows Server 2003 Malformed HTTP Cookie Header CGI DoS
12926| [15341] Microsoft Windows Server 2003 SMB Redirector Processing DoS
12927| [15340] Microsoft Windows Server 2003 Terminal Service Client Print DoS
12928| [15338] Microsoft Windows Server 2003 Terminal Session Close DoS
12929| [15337] Microsoft Windows Server 2003 CreateProcessWithLogonW() Function Process Disclosure
12930| [15336] Microsoft Windows Server 2003 Shutdown.exe Shut Down Failure
12931| [15335] Microsoft Windows Server 2003 MIT Kerberos Realm Authentication Group Policy Failure
12932| [15334] Microsoft Windows Server 2003 Shared Folder Permission Weakness
12933| [15333] Microsoft Windows Server 2003 EFS File Copy LDAP Connection DoS
12934| [15332] Microsoft Windows Server 2003 Citrix Metaframe Encryption Policy Failure
12935| [15331] Microsoft Windows Server 2003 Home Folder Path Permission Inheritance Failure
12936| [14617] Microsoft Exchange Server 2003 Folder Handling DoS
12937| [14430] Microsoft Commerce Server 2000 Profile Service Affected API Overflow
12938| [13996] Microsoft Windows 2000 IKE Malformed Packet Saturation Remote DoS
12939| [13762] Microsoft 2000 Domain Controller Directory Service Restore Mode Blank Password
12940| [13761] Microsoft Exchange 2000 Malformed URL Request DoS
12941| [13475] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution Variant
12942| [13474] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution
12943| [13441] Microsoft Windows 2000 Security Interface Change Password Option Account Enumeration
12944| [13437] Microsoft Windows 2000 Debug Register Local Privilege Escalation
12945| [13424] Microsoft Windows 2000 Current Password Change Policy Bypass
12946| [13423] Microsoft Windows 2000 Terminal Server SYSVOL Share Connection Saturation Restriction Bypass
12947| [13415] Microsoft Windows 2000 System Root Folder Search Path Permission Weakness
12948| [13410] Microsoft Windows 2000 Accessibility Utility Manager Arbitrary Code Execution
12949| [11958] Microsoft Outlook 2003 Image Rendering Security Policy Bypass
12950| [11945] Microsoft Outlook 2002 IFRAME Tag Embedded URL
12951| [11944] Microsoft Outlook 2002 HREF Tag Embedded JavaScript Execution
12952| [11750] Microsoft Windows 2000 Message Queue Manager Queue Registration Request Overflow DoS
12953| [11712] Microsoft ISA Server 2000 H.323 Filter Overflow
12954| [10633] Microsoft Windows 2000 Protected Store Weak Encryption Default
12955| [9386] Microsoft Windows 2000 msinfo32.exe msinfo_file Variable Overflow
12956| [8243] Microsoft SMS Port 2702 DoS
12957| [7202] Microsoft PowerPoint 2000 File Loader Overflow
12958| [7179] Microsoft Windows 2000 Event Viewer Snap-in Overflow
12959| [6971] Microsoft ISA Server 2000 ICMP Rule Bypass During Startup
12960| [6970] Microsoft ISA Server 2000 Web Publishing Unencrypted Credentials Disclosure
12961| [6969] Microsoft ISA Server 2000 Invalid DNS Request DoS
12962| [6968] Microsoft ISA Server 2000 FTP Port Scan Bounce Weakness
12963| [6967] Microsoft ISA Server 2000 UDP Packet Winsock DoS
12964| [6965] Microsoft ISA Server 2000 SSL Packet DoS
12965| [6964] Microsoft ISA Server 2000 DNS Intrusion Detection Filter DoS
12966| [6515] Microsoft Windows 2000 Domain Expired Account Authentication
12967| [5179] Microsoft Windows 2000 microsoft-ds DoS
12968| [5171] Microsoft Word 2002 Mail Merge Tool Execute Arbitrary Script
12969| [4779] Microsoft Desktop Engine (MSDE) 2000 Stored Procedure SQL Injection
12970| [4778] Microsoft SQL Server 2000 Stored Procedure SQL Injection
12971| [4777] Microsoft Desktop Engine (MSDE) 2000 Database Consistency Checkers (DBCCs) Overflow
12972| [4776] Microsoft SQL Server 2000 Database Consistency Checkers (DBCCs) 2000 Overflow
12973| [4170] Microsoft Windows 2000 Server Media Services TCP Packet Handling Remote DoS
12974| [4168] Microsoft Outlook 2002 mailto URI Script Injection
12975| [3490] Microsoft Exchange 2003 OWA Mailbox Access Information Disclosure
12976| [2705] Microsoft Windows 2000 Windows Troubleshooter ActiveX Overflow
12977| [2655] Microsoft Windows Server 2003 Shell Folders Arbitrary File Access
12978| [2540] Microsoft Windows 2003 Server Buffer Overflow Protection Mechanism Bypass
12979| [2244] Microsoft Windows 2000 ShellExecute() API Let
12980| [2237] Microsoft Windows 2000 Active Directory Lsass.exe Overflow
12981| [1949] Symantec Norton Anti-Virus for Microsoft Exchange 2000 INBOX Path Information Disclosure
12982| [1764] Microsoft Windows 2000 Domain Controller DoS
12983| [1758] Microsoft Windows 2000 Network DDE Escalated Privileges
12984| [1755] Microsoft Windows 2000 RDP Malformed Packet Handling Remote DoS
12985| [1672] Microsoft Windows 2000 Telnet Session Timeout DoS
12986| [1633] Microsoft Windows 2000 System Monitor ActiveX LogFileName Parameter Validation Overflow
12987| [1621] Microsoft Indexing Services for Windows 2000 .htw XSS
12988| [1591] Microsoft Windows 2000 OEMPreinstall Installation Permission Weakness
12989| [1578] Microsoft Windows 2000 Simplified Chinese IME Local Privilege Escalation
12990| [1500] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow
12991| [1437] Microsoft Windows 2000 Telnet Server Binary Zero Parsing Remote DoS
12992| [1399] Microsoft Windows 2000 Windows Station Access
12993| [1328] Microsoft Office 2000 UA Control ActiveX (Ouactrl.ocx) Show Me Function Remote Code Execution
12994| [1297] Microsoft Windows 2000 Active Directory Object Attribute
12995| [1292] Microsoft Windows NT 4.0 / 2000 cmd.exe Buffer Overflow
12996| [773] Microsoft Windows 2000 Group Policy File Lock DoS
12997| [515] Microsoft Windows 2000 LDAP Server Arbitrary User Password Modification
12998| [454] Microsoft Windows 2000 NTLM Domain Account Lockout Policy Bypass
12999| [403] Microsoft Windows 2000 Still Image Service WM_USER Message Local Overflow
13000| [398] Microsoft Windows 2000 Malformed RPC Traffic Local Security Policy Corruption DoS
13001| [307] Microsoft FrontPage 2000 Server Extensions shtml.exe Path Disclosure
13002| [69085] Microsoft Office 2010 RTF File Handling pFragments Buffer Overflow Arbitrary Code Execution
13003|_
445/tcp closed microsoft-ds
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
#####################################################################################################################################
 Anonymous JTSEC #OpTrump Full Recon #7