Oct 18, 2019, 05:50 AM
1#######################################################################################################################################
2=======================================================================================================================================
3Hostname www.devletarsivleri.gov.tr ISP Turk Telekom
4Continent Asia Flag
5TR
6Country Turkey Country Code TR
7Region Istanbul Local time 18 Oct 2019 07:45 +03
8City Istanbul Postal Code 34104
9IP Address 212.175.8.35 Latitude 41.015
10 Longitude 28.932
11======================================================================================================================================
12######################################################################################################################################
13> www.devletarsivleri.gov.tr
14Server: 185.93.180.131
15Address: 185.93.180.131#53
16
17Non-authoritative answer:
18Name: www.devletarsivleri.gov.tr
19Address: 212.175.8.35
20>
21#######################################################################################################################################
22** Domain Name: devletarsivleri.gov.tr
23
24** Registrant:
25 Türkiye Cumhuriyeti Cumhurbaşkanlığı Devlet Arşivleri Başkanlığı
26 Gayret Mah. 95.sok. No:3
27 Yenimahalle
28 Ankara,
29 Türkiye
30 dagmbib@devletarsivleri.gov.tr
31 + 90-312-3079000-
32 + 90-312-3151000-
33
34
35** Administrative Contact:
36NIC Handle : tcc27-metu
37Organization Name : Türkiye Cumhuriyeti Cumhurbaşkanlığı Devlet Arşivleri Başkanlığı
38Address : T.C. Cumhurbaşkanlığı Devlet Arşivleri Başkanlığı
39 Gayret Mahallesi 95. Sokak No:3 06170 Yenimahalle
40 Ankara,06170
41 Türkiye
42Phone : + 90-312-3079000-
43Fax : + 90-315-3151000-
44
45
46** Technical Contact:
47NIC Handle : tcc27-metu
48Organization Name : Türkiye Cumhuriyeti Cumhurbaşkanlığı Devlet Arşivleri Başkanlığı
49Address : T.C. Cumhurbaşkanlığı Devlet Arşivleri Başkanlığı
50 Gayret Mahallesi 95. Sokak No:3 06170 Yenimahalle
51 Ankara,06170
52 Türkiye
53Phone : + 90-312-3079000-
54Fax : + 90-315-3151000-
55
56
57** Billing Contact:
58NIC Handle : tcc27-metu
59Organization Name : Türkiye Cumhuriyeti Cumhurbaşkanlığı Devlet Arşivleri Başkanlığı
60Address : T.C. Cumhurbaşkanlığı Devlet Arşivleri Başkanlığı
61 Gayret Mahallesi 95. Sokak No:3 06170 Yenimahalle
62 Ankara,06170
63 Türkiye
64Phone : + 90-312-3079000-
65Fax : + 90-315-3151000-
66
67
68** Domain Servers:
69ns1.devletarsivleri.gov.tr 212.175.8.33
70ns2.devletarsivleri.gov.tr 212.175.8.34
71
72** Additional Info:
73Created on..............: 1999-Jul-20.
74Expires on..............: 2021-Jul-19.
75#######################################################################################################################################
76[+] Target : www.devletarsivleri.gov.tr
77
78[+] IP Address : 212.175.8.35
79
80[+] Headers :
81
82[+] Cache-Control : private
83[+] Content-Type : text/html; charset=utf-8
84[+] Content-Encoding : gzip
85[+] Vary : Accept-Encoding
86[+] Server : Microsoft-IIS/10.0
87[+] Set-Cookie : ASP.NET_SessionId=vx2d3n0vsqpgvhys5ljwtvbr; path=/; HttpOnly
88[+] X-AspNet-Version : 4.0.30319
89[+] X-Powered-By : ASP.NET
90[+] Date : Fri, 18 Oct 2019 04:39:34 GMT
91[+] Content-Length : 31516
92
93[+] SSL Certificate Information :
94
95[+] countryName : TR
96[+] stateOrProvinceName : ANKARA
97[+] localityName : YENIMAHALLE
98[+] organizationalUnitName : IT
99[+] organizationName : DEVLET ARSIVLERI GENEL MUDURLUGU
100[+] commonName : *.devletarsivleri.gov.tr
101[+] countryName : BE
102[+] organizationName : GlobalSign nv-sa
103[+] commonName : GlobalSign Organization Validation CA - SHA256 - G2
104[+] Version : 3
105[+] Serial Number : 6D6E74F87D4677CF4A1BA086
106[+] Not Before : Apr 12 15:03:32 2018 GMT
107[+] Not After : Apr 12 15:03:32 2020 GMT
108[+] OCSP : ('http://ocsp2.globalsign.com/gsorganizationvalsha2g2',)
109[+] subject Alt Name : (('DNS', '*.devletarsivleri.gov.tr'), ('DNS', 'devletarsivleri.gov.tr'))
110[+] CA Issuers : ('http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt',)
111[+] CRL Distribution Points : ('http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl',)
112
113[+] Whois Lookup :
114
115[+] NIR : None
116[+] ASN Registry : ripencc
117[+] ASN : 9121
118[+] ASN CIDR : 212.175.0.0/17
119[+] ASN Country Code : TR
120[+] ASN Date : 1999-08-19
121[+] ASN Description : TTNET, TR
122[+] cidr : 212.175.8.32/27
123[+] name : metro_ethernet_alsat_coklu_IP
124[+] handle : AK19526-RIPE
125[+] range : 212.175.8.32 - 212.175.8.63
126[+] description : 95.cd no 3 Gayret Mh. Yenimahalle ANKARA
127[+] country : TR
128[+] state : None
129[+] city : None
130[+] address : 95.cd no 3 Gayret Mh. Yenimahalle ANKARA
131[+] postal_code : None
132[+] emails : None
133[+] created : 2018-09-24T09:11:57Z
134[+] updated : 2018-09-24T09:11:57Z
135
136[+] Crawling Target...
137
138[+] Looking for robots.txt........[ Found ]
139[+] Extracting robots Links.......[ 0 ]
140[+] Looking for sitemap.xml.......[ Found ]
141[+] Extracting sitemap Links......[ 0 ]
142[+] Extracting CSS Links..........[ 10 ]
143[+] Extracting Javascript Links...[ 10 ]
144[+] Extracting Internal Links.....[ 0 ]
145[+] Extracting External Links.....[ 7 ]
146[+] Extracting Images.............[ 25 ]
147
148[+] Total Links Extracted : 52
149
150[+] Dumping Links in /opt/FinalRecon/dumps/www.devletarsivleri.gov.tr.dump
151[+] Completed!
152#######################################################################################################################################
153[+] Starting At 2019-10-18 00:51:13.246592
154[+] Collecting Information On: http://www.devletarsivleri.gov.tr/
155[#] Status: 200
156--------------------------------------------------
157[#] Web Server Detected: Microsoft-IIS/10.0
158[#] X-Powered-By: ASP.NET
159[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
160- Cache-Control: private
161- Content-Type: text/html; charset=utf-8
162- Content-Encoding: gzip
163- Vary: Accept-Encoding
164- Server: Microsoft-IIS/10.0
165- Set-Cookie: ASP.NET_SessionId=ya4yk2vtsloen1ee30ceu1xe; path=/; HttpOnly
166- X-AspNet-Version: 4.0.30319
167- X-Powered-By: ASP.NET
168- Date: Fri, 18 Oct 2019 04:39:58 GMT
169- Content-Length: 31784
170--------------------------------------------------
171[#] Finding Location..!
172[#] status: success
173[#] country: Turkey
174[#] countryCode: TR
175[#] region: 34
176[#] regionName: Istanbul
177[#] city: Istanbul
178[#] zip: 34104
179[#] lat: 41.0152
180[#] lon: 28.9316
181[#] timezone: Europe/Istanbul
182[#] isp: Turk Telekomunikasyon Anonim Sirketi
183[#] org: metro ethernet alsat coklu IP
184[#] as: AS9121 Turk Telekomunikasyon Anonim Sirketi
185[#] query: 212.175.8.35
186--------------------------------------------------
187[+] Detected WAF Presence in web application: ASP.NET Generic Web Application Protection
188--------------------------------------------------
189[#] Starting Reverse DNS
190[-] Failed ! Fail
191--------------------------------------------------
192[!] Scanning Open Port
193[#] 80/tcp open http
194[#] 443/tcp open https
195--------------------------------------------------
196[+] Collecting Information Disclosure!
197[#] Detecting sitemap.xml file
198[-] sitemap.xml file not Found!?
199[#] Detecting robots.txt file
200[-] robots.txt file not Found!?
201[#] Detecting GNU Mailman
202[-] GNU Mailman App Not Detected!?
203--------------------------------------------------
204[+] Crawling Url Parameter On: http://www.devletarsivleri.gov.tr/
205--------------------------------------------------
206[#] Searching Html Form !
207[+] Html Form Discovered
208[#] action: ./
209[#] class: None
210[#] id: frm
211[#] method: post
212--------------------------------------------------
213[!] Found 1 dom parameter
214[#] http://www.devletarsivleri.gov.tr//javascript:__doPostBack('ctl00$lbDil','')
215--------------------------------------------------
216[!] 1 Internal Dynamic Parameter Discovered
217[+] http://www.devletarsivleri.gov.tr///Sayfalar/Sayfa.aspx?icerik=12&h=AA54A70923B86C8AD74249E0E555F5948A9923AE2A51E06E2DFE30B4D635A1E2
218--------------------------------------------------
219[-] No external Dynamic Paramter Found!?
220--------------------------------------------------
221[!] 18 Internal links Discovered
222[+] http://www.devletarsivleri.gov.tr///varliklar/tasarim/favicon.ico
223[+] http://www.devletarsivleri.gov.tr///css/normalize.css
224[+] http://www.devletarsivleri.gov.tr///css/styles.css
225[+] http://www.devletarsivleri.gov.tr///css/layout.css
226[+] http://www.devletarsivleri.gov.tr///css/vendor.css
227[+] http://www.devletarsivleri.gov.tr///css/fontello.css
228[+] http://www.devletarsivleri.gov.tr///js/vendor/layerslider/css/layerslider.css
229[+] http://www.devletarsivleri.gov.tr///js/vendor/fontawesome/css/all.css
230[+] http://www.devletarsivleri.gov.tr///js/vendor/sweetalert/sweetalert2.min.css
231[+] http://www.devletarsivleri.gov.tr///css/custom.css
232[+] http://www.devletarsivleri.gov.tr///font-awesome/css/font-awesome.css
233[+] http://www.devletarsivleri.gov.tr///
234[+] http://www.devletarsivleri.gov.tr///
235[+] https://katalog.devletarsivleri.gov.tr
236[+] https://katalog.devletarsivleri.gov.tr
237[+] http://www.devletarsivleri.gov.tr///Sayfalar/Yayinlar/Yayinlar.aspx
238[+] http://www.devletarsivleri.gov.tr///Sayfalar/Haberler/Haberler.aspx
239[+] http://www.devletarsivleri.gov.tr///Sayfalar/Haberler/Duyurular.aspx
240--------------------------------------------------
241[!] 5 External links Discovered
242[#] https://www.facebook.com/devletarsivleri
243[#] https://twitter.com/devletarsivleri
244[#] https://www.instagram.com/devletarsivleribaskanligi
245[#] https://www.youtube.com/devletarsivleri/
246[#] https://www.tccb.gov.tr/
247--------------------------------------------------
248[#] Mapping Subdomain..
249[!] Found 8 Subdomain
250- devletarsivleri.gov.tr
251- posta1.devletarsivleri.gov.tr
252- ns1.devletarsivleri.gov.tr
253- posta2.devletarsivleri.gov.tr
254- ns2.devletarsivleri.gov.tr
255- posta.devletarsivleri.gov.tr
256- katalog.devletarsivleri.gov.tr
257- www.devletarsivleri.gov.tr
258--------------------------------------------------
259[!] Done At 2019-10-18 00:52:27.161252
260######################################################################################################################################
261[i] Scanning Site: http://www.devletarsivleri.gov.tr
262
263
264
265B A S I C I N F O
266====================
267
268
269[+] Site Title: T.C. Cumhurbaşkanlığı Devlet Arşivleri Başkanlığı
270[+] IP address: 212.175.8.35
271[+] Web Server: Microsoft-IIS/10.0
272[+] CMS: Could Not Detect
273[+] Cloudflare: Not Detected
274[+] Robots File: Found
275
276
277
334
335
336
337
338G E O I P L O O K U P
339=========================
340
341[i] IP Address: 212.175.8.35
342[i] Country: Turkey
343[i] State:
344[i] City:
345[i] Latitude: 41.0214
346[i] Longitude: 28.9948
347
348
349
350
351H T T P H E A D E R S
352=======================
353
354
355[i] HTTP/1.1 200 OK
356[i] Cache-Control: private
357[i] Content-Type: text/html; charset=utf-8
358[i] Server: Microsoft-IIS/10.0
359[i] Set-Cookie: ASP.NET_SessionId=eudbgnsqcfdpor3gpm3bytfh; path=/; HttpOnly
360[i] X-AspNet-Version: 4.0.30319
361[i] X-Powered-By: ASP.NET
362[i] Date: Fri, 18 Oct 2019 04:39:55 GMT
363[i] Connection: close
364[i] Content-Length: 52150
365
366
367
368
369D N S L O O K U P
370===================
371
372devletarsivleri.gov.tr. 3599 IN A 212.175.8.35
373devletarsivleri.gov.tr. 3599 IN NS ns1.devletarsivleri.gov.tr.
374devletarsivleri.gov.tr. 3599 IN NS ns2.devletarsivleri.gov.tr.
375devletarsivleri.gov.tr. 3599 IN SOA ns1.devletarsivleri.gov.tr. dnsadmin.devletarsivleri.gov.tr. 2019031501 3600 600 604800 3600
376devletarsivleri.gov.tr. 3599 IN MX 20 posta2.devletarsivleri.gov.tr.
377devletarsivleri.gov.tr. 3599 IN MX 10 posta1.devletarsivleri.gov.tr.
378devletarsivleri.gov.tr. 3599 IN TXT "v=spf1 mx ip4:212.175.8.36 ip4:212.175.8.43 -all"
379devletarsivleri.gov.tr. 3599 IN TXT "v=DKIM1; k=rsa; h=sha256; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyrBtEZZBUAA78I/LI7QmuVFzqg39DN88+Y/g6CsvMS6t8DC7Pxq9e3TVRG8YKoswg0KyZU96U2g5VbuXDf9ukukpCohe"
380
381
382
383
384S U B N E T C A L C U L A T I O N
385====================================
386
387Address = 212.175.8.35
388Network = 212.175.8.35 / 32
389Netmask = 255.255.255.255
390Broadcast = not needed on Point-to-Point links
391Wildcard Mask = 0.0.0.0
392Hosts Bits = 0
393Max. Hosts = 1 (2^0 - 0)
394Host Range = { 212.175.8.35 - 212.175.8.35 }
395
396
397
398N M A P P O R T S C A N
399============================
400
401Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-18 04:51 UTC
402Nmap scan report for devletarsivleri.gov.tr (212.175.8.35)
403Host is up (0.12s latency).
404
405PORT STATE SERVICE
40621/tcp filtered ftp
40722/tcp filtered ssh
40823/tcp filtered telnet
40980/tcp open http
410110/tcp filtered pop3
411143/tcp filtered imap
412443/tcp open https
4133389/tcp filtered ms-wbt-server
414
415Nmap done: 1 IP address (1 host up) scanned in 8.84 seconds
416
417
418
419S U B - D O M A I N F I N D E R
420==================================
421
422
423[i] Total Subdomains Found : 7
424
425[+] Subdomain: posta1.devletarsivleri.gov.tr
426[-] IP: 212.175.8.36
427
428[+] Subdomain: ns1.devletarsivleri.gov.tr
429[-] IP: 212.175.8.33
430
431[+] Subdomain: posta2.devletarsivleri.gov.tr
432[-] IP: 212.175.8.43
433
434[+] Subdomain: ns2.devletarsivleri.gov.tr
435[-] IP: 212.175.8.34
436
437[+] Subdomain: posta.devletarsivleri.gov.tr
438[-] IP: 212.175.8.42
439
440[+] Subdomain: katalog.devletarsivleri.gov.tr
441[-] IP: 212.175.8.37
442
443[+] Subdomain: www.devletarsivleri.gov.tr
444[-] IP: 212.175.8.35
445#######################################################################################################################################
446
447[INFO] ------TARGET info------
448[*] TARGET: http://www.devletarsivleri.gov.tr/
449[*] TARGET IP: 212.175.8.35
450[INFO] NO load balancer detected for www.devletarsivleri.gov.tr...
451[*] DNS servers: ns1.devletarsivleri.gov.tr.
452[*] TARGET server: Microsoft-IIS/10.0
453[*] CC: TR
454[*] Country: Turkey
455[*] RegionCode: 34
456[*] RegionName: Istanbul
457[*] City: Istanbul
458[*] ASN: AS9121
459[*] BGP_PREFIX: 212.174.0.0/15
460[*] ISP: TTNet Turk Telekomunikasyon Anonim Sirketi, TR
461[INFO] DNS enumeration:
462[*] mail.devletarsivleri.gov.tr posta.devletarsivleri.gov.tr. 212.175.8.42
463[*] ns1.devletarsivleri.gov.tr 212.175.8.33
464[*] ns2.devletarsivleri.gov.tr 212.175.8.34
465[INFO] Possible abuse mails are:
466[*] abuse@devletarsivleri.gov.tr
467[*] abuse@ttnet.com.tr
468[*] abuse@www.devletarsivleri.gov.tr
469[INFO] NO PAC (Proxy Auto Configuration) file FOUND
470[ALERT] robots.txt file FOUND in http://www.devletarsivleri.gov.tr/robots.txt
471[INFO] Checking for HTTP status codes recursively from http://www.devletarsivleri.gov.tr/robots.txt
472[INFO] Status code Folders
473[INFO] Starting FUZZing in http://www.devletarsivleri.gov.tr/FUzZzZzZzZz...
474[INFO] Status code Folders
475[*] 200 http://www.devletarsivleri.gov.tr/index
476[*] 200 http://www.devletarsivleri.gov.tr/download
477[*] 200 http://www.devletarsivleri.gov.tr/2006
478[*] 200 http://www.devletarsivleri.gov.tr/news
479[*] 200 http://www.devletarsivleri.gov.tr/crack
480[*] 200 http://www.devletarsivleri.gov.tr/serial
481[*] 200 http://www.devletarsivleri.gov.tr/warez
482[*] 200 http://www.devletarsivleri.gov.tr/full
483[*] 200 http://www.devletarsivleri.gov.tr/12
484[ALERT] Look in the source code. It may contain passwords
485[INFO] Links found from http://www.devletarsivleri.gov.tr/ http://212.175.8.35/:
521[INFO] GOOGLE has 9,440 results (0.25 seconds) about http://www.devletarsivleri.gov.tr/
522[INFO] Shodan detected the following opened ports on 212.175.8.35:
523[*] 443
524[*] 80
525[INFO] ------VirusTotal SECTION------
526[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
527[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
528[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
529[INFO] ------Alexa Rank SECTION------
530[INFO] Percent of Visitors Rank in Country:
531[INFO] Percent of Search Traffic:
532[INFO] Percent of Unique Visits:
533[INFO] Total Sites Linking In:
534[*] Total Sites
535[INFO] Useful links related to www.devletarsivleri.gov.tr - 212.175.8.35:
549[INFO] Useful links related to AS9121 - 212.174.0.0/15:
554[INFO] Date: 18/10/19 | Time: 00:52:45
555[INFO] Total time: 1 minute(s) and 27 second(s)
556######################################################################################################################################
557Trying "devletarsivleri.gov.tr"
558;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29691
559;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 2, ADDITIONAL: 2
560
561;; QUESTION SECTION:
562;devletarsivleri.gov.tr. IN ANY
563
564;; ANSWER SECTION:
565devletarsivleri.gov.tr. 3600 IN TXT "v=spf1 mx ip4:212.175.8.36 ip4:212.175.8.43 -all"
566devletarsivleri.gov.tr. 3600 IN TXT "v=DKIM1; k=rsa; h=sha256; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAly"
567devletarsivleri.gov.tr. 3600 IN MX 10 posta1.devletarsivleri.gov.tr.
568devletarsivleri.gov.tr. 3600 IN MX 20 posta2.devletarsivleri.gov.tr.
569devletarsivleri.gov.tr. 3600 IN SOA ns1.devletarsivleri.gov.tr. dnsadmin.devletarsivleri.gov.tr. 2019031501 3600 600 604800 3600
570devletarsivleri.gov.tr. 3600 IN A 212.175.8.35
571devletarsivleri.gov.tr. 3600 IN NS ns1.devletarsivleri.gov.tr.
572devletarsivleri.gov.tr. 3600 IN NS ns2.devletarsivleri.gov.tr.
573
574;; AUTHORITY SECTION:
575devletarsivleri.gov.tr. 3600 IN NS ns2.devletarsivleri.gov.tr.
576devletarsivleri.gov.tr. 3600 IN NS ns1.devletarsivleri.gov.tr.
577
578;; ADDITIONAL SECTION:
579ns2.devletarsivleri.gov.tr. 43200 IN A 212.175.8.34
580ns1.devletarsivleri.gov.tr. 43200 IN A 212.175.8.33
581
582Received 391 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 429 ms
583######################################################################################################################################
584
585; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace devletarsivleri.gov.tr
586;; global options: +cmd
587. 83778 IN NS b.root-servers.net.
588. 83778 IN NS g.root-servers.net.
589. 83778 IN NS k.root-servers.net.
590. 83778 IN NS a.root-servers.net.
591. 83778 IN NS i.root-servers.net.
592. 83778 IN NS f.root-servers.net.
593. 83778 IN NS d.root-servers.net.
594. 83778 IN NS m.root-servers.net.
595. 83778 IN NS l.root-servers.net.
596. 83778 IN NS c.root-servers.net.
597. 83778 IN NS j.root-servers.net.
598. 83778 IN NS e.root-servers.net.
599. 83778 IN NS h.root-servers.net.
600. 83778 IN RRSIG NS 8 0 518400 20191030170000 20191017160000 22545 . jZtt8yTvshG1BzuF/j46it/rTAR5IORJIa7xst0rHRa+LsH2OC0Qqnly mI3l1L4eTRQ7GgWNYhu4Pa2HWTDy+tvS9eEtZ/YNadVkV7J5EBFFfqCT lhDnd6TDugQhocjufuiLqIt93hdLCqq80ASBDYZ8I8Cm3BB0qb/ccGlI XQ5MVFCZEV6xRLzxWwRy2CLdZFTLjcPa2nQrXnpB0hGoEdCde09sQMK8 ZEcPjCUD9AOM4qiYsHICwjCv2guKRYri9Gumnea1I4iHuVNXOzz4mWJY XCuMBiiNRfi+i70ExEhDNkNnsOS/v9i+l/SnuI71FVlH/qSe1niIM5FA hp9AGA==
601;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 240 ms
602
603tr. 172800 IN NS ns21.nic.tr.
604tr. 172800 IN NS ns22.nic.tr.
605tr. 172800 IN NS ns31.nic.tr.
606tr. 172800 IN NS ns41.nic.tr.
607tr. 172800 IN NS ns42.nic.tr.
608tr. 172800 IN NS ns91.nic.tr.
609tr. 172800 IN NS ns92.nic.tr.
610tr. 86400 IN NSEC trade. NS RRSIG NSEC
611tr. 86400 IN RRSIG NSEC 8 1 86400 20191030170000 20191017160000 22545 . j6aSkD28Nn/4wTHeT8PJvGxpWc8PkN+RhwjdgEs5gu7Lqt/BtNirPxIa lL4UjwjVKyC8QsI2VC0TxcGcqgFx2KqNoWXWAT64L+p6+ZfBNxQm+39y rGt1SKiyQxhREt14Sv9BNeUs0E0lz8C+DGcs3x863G1G16CTHazTR/Cb yqwV+dNidOmhVeOr16MVo01sAiuTCyHbWPNjsHr3Xca52p2tL5C9VRQY Hml65G68qRiEHBY8G4JIil3jC39oZqPGsS35haXThhUWhcxZezHwYnFX JuQQlni9E5YSGChbu1GhdYOnZBbroHuQP1QnVOX/G3TcfB+RJsy5x/n8 n4DRSw==
612;; Received 726 bytes from 2001:500:1::53#53(h.root-servers.net) in 41 ms
613
614devletarsivleri.gov.tr. 43200 IN NS ns1.devletarsivleri.gov.tr.
615devletarsivleri.gov.tr. 43200 IN NS ns2.devletarsivleri.gov.tr.
616;; Received 119 bytes from 2001:a98:10:eeee::42#53(ns42.nic.tr) in 169 ms
617
618devletarsivleri.gov.tr. 3600 IN A 212.175.8.35
619;; Received 79 bytes from 212.175.8.33#53(ns1.devletarsivleri.gov.tr) in 305 ms
620#######################################################################################################################################
621[*] Performing General Enumeration of Domain: devletarsivleri.gov.tr
622[-] DNSSEC is not configured for devletarsivleri.gov.tr
623[*] SOA ns1.devletarsivleri.gov.tr 212.175.8.33
624[*] NS ns1.devletarsivleri.gov.tr 212.175.8.33
625[*] NS ns2.devletarsivleri.gov.tr 212.175.8.34
626[*] MX posta2.devletarsivleri.gov.tr 212.175.8.43
627[*] MX posta1.devletarsivleri.gov.tr 212.175.8.36
628[*] A devletarsivleri.gov.tr 212.175.8.35
629[*] TXT devletarsivleri.gov.tr v=spf1 mx ip4:212.175.8.36 ip4:212.175.8.43 -all
630[*] TXT devletarsivleri.gov.tr v=DKIM1; k=rsa; h=sha256; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAly
631[*] Enumerating SRV Records
632[-] No SRV Records Found for devletarsivleri.gov.tr
633[+] 0 Records Found
634#######################################################################################################################################
635[*] Processing domain devletarsivleri.gov.tr
636[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
637[+] Getting nameservers
638212.175.8.33 - ns1.devletarsivleri.gov.tr
639212.175.8.34 - ns2.devletarsivleri.gov.tr
640[-] Zone transfer failed
641
642[+] TXT records found
643"v=spf1 mx ip4:212.175.8.36 ip4:212.175.8.43 -all"
644"v=DKIM1; k=rsa; h=sha256; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAly"
645
646[+] MX records found, added to target list
64720 posta2.devletarsivleri.gov.tr.
64810 posta1.devletarsivleri.gov.tr.
649
650[*] Scanning devletarsivleri.gov.tr for A records
651212.175.8.36 - posta1.devletarsivleri.gov.tr
652212.175.8.35 - devletarsivleri.gov.tr
653212.175.8.43 - posta2.devletarsivleri.gov.tr
654212.175.8.42 - autodiscover.devletarsivleri.gov.tr
655212.175.8.42 - mail.devletarsivleri.gov.tr
656212.175.8.33 - ns1.devletarsivleri.gov.tr
657212.175.8.34 - ns2.devletarsivleri.gov.tr
658212.175.8.35 - www.devletarsivleri.gov.tr
659#######################################################################################################################################
660 AVAILABLE PLUGINS
661 -----------------
662
663 HttpHeadersPlugin
664 SessionRenegotiationPlugin
665 SessionResumptionPlugin
666 EarlyDataPlugin
667 CompressionPlugin
668 OpenSslCipherSuitesPlugin
669 HeartbleedPlugin
670 RobotPlugin
671 CertificateInfoPlugin
672 FallbackScsvPlugin
673 OpenSslCcsInjectionPlugin
674
675
676
677 CHECKING HOST(S) AVAILABILITY
678 -----------------------------
679
680 212.175.8.35:443 => 212.175.8.35
681
682
683
684
685 SCAN RESULTS FOR 212.175.8.35:443 - 212.175.8.35
686 ------------------------------------------------
687
688 * OpenSSL CCS Injection:
689 OK - Not vulnerable to OpenSSL CCS injection
690
691 * Downgrade Attacks:
692 TLS_FALLBACK_SCSV: VULNERABLE - Signaling cipher suite not supported
693
694 * SSLV2 Cipher Suites:
695 Server rejected all cipher suites.
696
697 * TLS 1.2 Session Resumption Support:
698 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
699 With TLS Tickets: NOT SUPPORTED - TLS ticket not assigned.
700
701 * Session Renegotiation:
702 Client-initiated Renegotiation: OK - Rejected
703 Secure Renegotiation: OK - Supported
704
705 * TLSV1_3 Cipher Suites:
706 Server rejected all cipher suites.
707
708 * SSLV3 Cipher Suites:
709 Server rejected all cipher suites.
710
711 * Deflate Compression:
712 OK - Compression disabled
713
714 * TLSV1_1 Cipher Suites:
715 Forward Secrecy OK - Supported
716 RC4 INSECURE - Supported
717
718 Preferred:
719 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
720 Accepted:
721 TLS_RSA_WITH_RC4_128_SHA 128 bits HTTP 404 Not Found
722 TLS_RSA_WITH_RC4_128_MD5 128 bits HTTP 404 Not Found
723 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
724 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
725 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
726 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
727 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
728 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
729 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
730
731 * OpenSSL Heartbleed:
732 OK - Not vulnerable to Heartbleed
733
734 * TLSV1_2 Cipher Suites:
735 Forward Secrecy OK - Supported
736 RC4 INSECURE - Supported
737
738 Preferred:
739 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 404 Not Found
740 Accepted:
741 TLS_RSA_WITH_RC4_128_SHA 128 bits HTTP 404 Not Found
742 TLS_RSA_WITH_RC4_128_MD5 128 bits HTTP 404 Not Found
743 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 404 Not Found
744 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 404 Not Found
745 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
746 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 404 Not Found
747 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 404 Not Found
748 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
749 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
750 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 404 Not Found
751 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 404 Not Found
752 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
753 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 404 Not Found
754 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 404 Not Found
755 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
756 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 404 Not Found
757 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
758 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 404 Not Found
759 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
760
761 * Certificate Information:
762 Content
763 SHA1 Fingerprint: a35b6a8cfcb6e7fcf99485483026aa037e127a8b
764 Common Name: *.devletarsivleri.gov.tr
765 Issuer: GlobalSign Organization Validation CA - SHA256 - G2
766 Serial Number: 33867400289015799094328402054
767 Not Before: 2018-04-12 15:03:32
768 Not After: 2020-04-12 15:03:32
769 Signature Algorithm: sha256
770 Public Key Algorithm: RSA
771 Key Size: 2048
772 Exponent: 65537 (0x10001)
773 DNS Subject Alternative Names: ['*.devletarsivleri.gov.tr', 'devletarsivleri.gov.tr']
774
775 Trust
776 Hostname Validation: FAILED - Certificate does NOT match 212.175.8.35
777 Android CA Store (9.0.0_r9): OK - Certificate is trusted
778 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
779 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
780 Mozilla CA Store (2019-03-14): OK - Certificate is trusted
781 Windows CA Store (2019-05-27): OK - Certificate is trusted
782 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
783 Received Chain: *.devletarsivleri.gov.tr --> GlobalSign Organization Validation CA - SHA256 - G2
784 Verified Chain: *.devletarsivleri.gov.tr --> GlobalSign Organization Validation CA - SHA256 - G2 --> GlobalSign Root CA
785 Received Chain Contains Anchor: OK - Anchor certificate not sent
786 Received Chain Order: OK - Order is valid
787 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
788
789 Extensions
790 OCSP Must-Staple: NOT SUPPORTED - Extension not found
791 Certificate Transparency: OK - 3 SCTs included
792
793 OCSP Stapling
794 NOT SUPPORTED - Server did not send back an OCSP response
795
796 * ROBOT Attack:
797 OK - Not vulnerable
798
799 * TLSV1 Cipher Suites:
800 Forward Secrecy OK - Supported
801 RC4 INSECURE - Supported
802
803 Preferred:
804 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits Error sending HTTP GET
805 Accepted:
806 TLS_RSA_WITH_RC4_128_SHA 128 bits HTTP 404 Not Found
807 TLS_RSA_WITH_RC4_128_MD5 128 bits HTTP 404 Not Found
808 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Error sending HTTP GET
809 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Error sending HTTP GET
810 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Error sending HTTP GET
811 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits Error sending HTTP GET
812 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits Error sending HTTP GET
813 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits Error sending HTTP GET
814 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits Error sending HTTP GET
815
816
817 SCAN COMPLETED IN 26.79 S
818 -------------------------
819#######################################################################################################################################
820Ip Address Status Type Domain Name Server
821---------- ------ ---- ----------- ------
822212.175.8.42 302 alias mail.devletarsivleri.gov.tr Microsoft-IIS/10.0
823212.175.8.42 302 host posta.devletarsivleri.gov.tr Microsoft-IIS/10.0
824212.175.8.33 host ns1.devletarsivleri.gov.tr
825212.175.8.34 host ns2.devletarsivleri.gov.tr
826212.175.8.42 302 host posta.devletarsivleri.gov.tr Microsoft-IIS/10.0
827212.175.8.35 200 host www.devletarsivleri.gov.tr Microsoft-IIS/10.0
828######################################################################################################################################
829Domains still to check: 1
830 Checking if the hostname devletarsivleri.gov.tr. given is in fact a domain...
831
832Analyzing domain: devletarsivleri.gov.tr.
833 Checking NameServers using system default resolver...
834 IP: 212.175.8.33 (Turkey)
835 HostName: ns1.devletarsivleri.gov.tr Type: NS
836 IP: 212.175.8.34 (Turkey)
837 HostName: ns2.devletarsivleri.gov.tr Type: NS
838
839 Checking MailServers using system default resolver...
840 IP: 212.175.8.43 (Turkey)
841 HostName: posta2.devletarsivleri.gov.tr Type: MX
842 IP: 212.175.8.36 (Turkey)
843 HostName: posta1.devletarsivleri.gov.tr Type: MX
844 HostName: posta.devletarsivleri.gov.tr Type: PTR
845
846 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
847 No zone transfer found on nameserver 212.175.8.34
848 No zone transfer found on nameserver 212.175.8.33
849
850 Checking SPF record...
851
852 Checking 192 most common hostnames using system default resolver...
853 IP: 212.175.8.35 (Turkey)
854 HostName: www.devletarsivleri.gov.tr. Type: A
855 IP: 212.175.8.42 (Turkey)
856 HostName: mail.devletarsivleri.gov.tr. Type: A
857 IP: 212.175.8.33 (Turkey)
858 HostName: ns1.devletarsivleri.gov.tr Type: NS
859 HostName: ns1.devletarsivleri.gov.tr. Type: A
860 IP: 212.175.8.34 (Turkey)
861 HostName: ns2.devletarsivleri.gov.tr Type: NS
862 HostName: ns2.devletarsivleri.gov.tr. Type: A
863
864 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
865 Checking netblock 212.175.8.0
866
867 Searching for devletarsivleri.gov.tr. emails in Google
868 dab@devletarsivleri.gov.tr.
869 dab@devletarsivleri.gov.trh
870 dab@devletarsivleri.gov.tr
871
872 Checking 6 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
873 Host 212.175.8.36 is up (reset ttl 64)
874 Host 212.175.8.35 is up (reset ttl 64)
875 Host 212.175.8.34 is up (reset ttl 64)
876 Host 212.175.8.42 is up (reset ttl 64)
877 Host 212.175.8.43 is up (reset ttl 64)
878 Host 212.175.8.33 is up (reset ttl 64)
879
880 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
881 Scanning ip 212.175.8.36 (posta.devletarsivleri.gov.tr (PTR)):
882 Scanning ip 212.175.8.35 (www.devletarsivleri.gov.tr.):
883 Scanning ip 212.175.8.34 (ns2.devletarsivleri.gov.tr.):
884 53/tcp open domain? syn-ack ttl 116
885 Device type: general purpose|WAP
886 Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows 2012 (85%)
887 Scanning ip 212.175.8.42 (mail.devletarsivleri.gov.tr.):
888 80/tcp open http syn-ack ttl 116 Microsoft IIS httpd 10.0
889 | http-methods:
890 |_ Supported Methods: GET HEAD POST OPTIONS
891 |_http-server-header: Microsoft-IIS/10.0
892 |_http-title: Did not follow redirect to https://posta.devletarsivleri.gov.tr/owa/
893 143/tcp open imap syn-ack ttl 116 Microsoft Exchange 2007-2010 imapd
894 |_imap-capabilities: UIDPLUS IDLE completed IMAP4rev1 SASL-IR LOGINDISABLED CAPABILITY OK LITERAL+A0001 NAMESPACE MOVE CHILDREN UNSELECT STARTTLS ID IMAP4
895 | imap-ntlm-info:
896 | Target_Name: DEVLETARSIVLERI
897 | NetBIOS_Domain_Name: DEVLETARSIVLERI
898 | NetBIOS_Computer_Name: POSTA
899 | DNS_Domain_Name: devletarsivleri.gov.tr
900 | DNS_Computer_Name: posta.devletarsivleri.gov.tr
901 | DNS_Tree_Name: devletarsivleri.gov.tr
902 |_ Product_Version: 10.0.14393
903 | ssl-cert: Subject: commonName=posta
904 | Subject Alternative Name: DNS:posta, DNS:posta.devletarsivleri.gov.tr
905 | Issuer: commonName=posta
906 | Public Key type: rsa
907 | Public Key bits: 2048
908 | Signature Algorithm: sha1WithRSAEncryption
909 | Not valid before: 2018-12-27T12:41:00
910 | Not valid after: 2023-12-27T12:41:00
911 | MD5: e479 e90b 0799 b948 22a5 006b 8c7a 1ee0
912 |_SHA-1: 667d 934d aa64 36bf f0eb fe0f c377 cf69 d0a9 e9db
913 |_ssl-date: 2019-10-18T04:58:02+00:00; -13m46s from scanner time.
914 443/tcp open ssl/http syn-ack ttl 116 Microsoft IIS httpd 10.0
915 |_http-favicon: Unknown favicon MD5: 510FD8B46942B5ADFAC92D5499EACD97
916 | http-methods:
917 |_ Supported Methods: GET HEAD POST OPTIONS
918 |_http-server-header: Microsoft-IIS/10.0
919 | http-title: Outlook
920 |_Requested resource was https://212.175.8.42/owa/auth/logon.aspx?url=https%3a%2f%2f212.175.8.42%2fowa%2f&reason=0
921 | ssl-cert: Subject: commonName=*.devletarsivleri.gov.tr/organizationName=DEVLET ARSIVLERI GENEL MUDURLUGU/stateOrProvinceName=ANKARA/countryName=TR
922 | Subject Alternative Name: DNS:*.devletarsivleri.gov.tr, DNS:devletarsivleri.gov.tr
923 | Issuer: commonName=GlobalSign Organization Validation CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
924 | Public Key type: rsa
925 | Public Key bits: 2048
926 | Signature Algorithm: sha256WithRSAEncryption
927 | Not valid before: 2018-04-12T15:03:32
928 | Not valid after: 2020-04-12T15:03:32
929 | MD5: 7e01 07dd 6506 2fd6 e787 e2ca 25b7 984b
930 |_SHA-1: a35b 6a8c fcb6 e7fc f994 8548 3026 aa03 7e12 7a8b
931 |_ssl-date: 2019-10-18T04:58:01+00:00; -13m47s from scanner time.
932 | tls-alpn:
933 | h2
934 |_ http/1.1
935 465/tcp open smtp syn-ack ttl 116 Microsoft Exchange smtpd
936 | smtp-commands: posta.devletarsivleri.gov.tr Hello [45.131.4.6], SIZE 2146435072, PIPELINING, DSN, ENHANCEDSTATUSCODES, STARTTLS, X-ANONYMOUSTLS, AUTH GSSAPI NTLM, X-EXPS GSSAPI NTLM, 8BITMIME, BINARYMIME, CHUNKING, XEXCH50, XRDST, XSHADOWREQUEST,
937 |_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH BDAT
938 | smtp-ntlm-info:
939 | Target_Name: DEVLETARSIVLERI
940 | NetBIOS_Domain_Name: DEVLETARSIVLERI
941 | NetBIOS_Computer_Name: POSTA
942 | DNS_Domain_Name: devletarsivleri.gov.tr
943 | DNS_Computer_Name: posta.devletarsivleri.gov.tr
944 | DNS_Tree_Name: devletarsivleri.gov.tr
945 |_ Product_Version: 10.0.14393
946 | ssl-cert: Subject: commonName=posta
947 | Subject Alternative Name: DNS:posta, DNS:posta.devletarsivleri.gov.tr
948 | Issuer: commonName=posta
949 | Public Key type: rsa
950 | Public Key bits: 2048
951 | Signature Algorithm: sha1WithRSAEncryption
952 | Not valid before: 2018-12-27T12:41:00
953 | Not valid after: 2023-12-27T12:41:00
954 | MD5: e479 e90b 0799 b948 22a5 006b 8c7a 1ee0
955 |_SHA-1: 667d 934d aa64 36bf f0eb fe0f c377 cf69 d0a9 e9db
956 |_ssl-date: 2019-10-18T04:58:02+00:00; -13m46s from scanner time.
957 587/tcp open smtp syn-ack ttl 116 Microsoft Exchange smtpd
958 | smtp-commands: posta.devletarsivleri.gov.tr Hello [45.131.4.6], SIZE 2146435072, PIPELINING, DSN, ENHANCEDSTATUSCODES, STARTTLS, AUTH GSSAPI NTLM, 8BITMIME, BINARYMIME, CHUNKING,
959 |_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH BDAT
960 | smtp-ntlm-info:
961 | Target_Name: DEVLETARSIVLERI
962 | NetBIOS_Domain_Name: DEVLETARSIVLERI
963 | NetBIOS_Computer_Name: POSTA
964 | DNS_Domain_Name: devletarsivleri.gov.tr
965 | DNS_Computer_Name: posta.devletarsivleri.gov.tr
966 | DNS_Tree_Name: devletarsivleri.gov.tr
967 |_ Product_Version: 10.0.14393
968 | ssl-cert: Subject: commonName=posta
969 | Subject Alternative Name: DNS:posta, DNS:posta.devletarsivleri.gov.tr
970 | Issuer: commonName=posta
971 | Public Key type: rsa
972 | Public Key bits: 2048
973 | Signature Algorithm: sha1WithRSAEncryption
974 | Not valid before: 2018-12-27T12:41:00
975 | Not valid after: 2023-12-27T12:41:00
976 | MD5: e479 e90b 0799 b948 22a5 006b 8c7a 1ee0
977 |_SHA-1: 667d 934d aa64 36bf f0eb fe0f c377 cf69 d0a9 e9db
978 |_ssl-date: 2019-10-18T04:58:02+00:00; -13m46s from scanner time.
979 993/tcp open ssl/imap syn-ack ttl 116 Microsoft Exchange 2007-2010 imapd
980 |_imap-capabilities: AUTH=NTLM IMAP4rev1 CHILDREN MOVE AUTH=GSSAPI UNSELECT ID UIDPLUS IDLE CAPABILITY AUTH=PLAIN OK completed LITERAL+A0001 SASL-IR NAMESPACE IMAP4
981 | imap-ntlm-info:
982 | Target_Name: DEVLETARSIVLERI
983 | NetBIOS_Domain_Name: DEVLETARSIVLERI
984 | NetBIOS_Computer_Name: POSTA
985 | DNS_Domain_Name: devletarsivleri.gov.tr
986 | DNS_Computer_Name: posta.devletarsivleri.gov.tr
987 | DNS_Tree_Name: devletarsivleri.gov.tr
988 |_ Product_Version: 10.0.14393
989 | ssl-cert: Subject: commonName=posta
990 | Subject Alternative Name: DNS:posta, DNS:posta.devletarsivleri.gov.tr
991 | Issuer: commonName=posta
992 | Public Key type: rsa
993 | Public Key bits: 2048
994 | Signature Algorithm: sha1WithRSAEncryption
995 | Not valid before: 2018-12-27T12:41:00
996 | Not valid after: 2023-12-27T12:41:00
997 | MD5: e479 e90b 0799 b948 22a5 006b 8c7a 1ee0
998 |_SHA-1: 667d 934d aa64 36bf f0eb fe0f c377 cf69 d0a9 e9db
999 |_ssl-date: 2019-10-18T04:58:01+00:00; -13m47s from scanner time.
1000 8008/tcp open http syn-ack ttl 54
1001 | fingerprint-strings:
1002 | FourOhFourRequest:
1003 | HTTP/1.1 302 Found
1004 | Location: https://:8010/nice%20ports%2C/Tri%6Eity.txt%2ebak
1005 | Connection: close
1006 | X-Frame-Options: SAMEORIGIN
1007 | X-XSS-Protection: 1; mode=block
1008 | X-Content-Type-Options: nosniff
1009 | Content-Security-Policy: frame-ancestors
1010 | GenericLines, HTTPOptions, RTSPRequest, SIPOptions:
1011 | HTTP/1.1 302 Found
1012 | Location: https://:8010
1013 | Connection: close
1014 | X-Frame-Options: SAMEORIGIN
1015 | X-XSS-Protection: 1; mode=block
1016 | X-Content-Type-Options: nosniff
1017 | Content-Security-Policy: frame-ancestors
1018 | GetRequest:
1019 | HTTP/1.1 302 Found
1020 | Location: https://:8010/
1021 | Connection: close
1022 | X-Frame-Options: SAMEORIGIN
1023 | X-XSS-Protection: 1; mode=block
1024 | X-Content-Type-Options: nosniff
1025 |_ Content-Security-Policy: frame-ancestors
1026 | http-methods:
1027 |_ Supported Methods: GET HEAD POST OPTIONS
1028 |_http-title: Did not follow redirect to https://212.175.8.42:8010/
1029 |_https-redirect: ERROR: Script execution failed (use -d to debug)
1030 OS Info: Service Info: Host: posta.devletarsivleri.gov.tr; OS: Windows; CPE: cpe:/o:microsoft:windows
1031 Scanning ip 212.175.8.43 (posta2.devletarsivleri.gov.tr):
1032 Scanning ip 212.175.8.33 (ns1.devletarsivleri.gov.tr.):
1033 53/tcp open domain? syn-ack ttl 116
1034 | fingerprint-strings:
1035 | DNSVersionBindReqTCP:
1036 | version
1037 |_ bind
1038 WebCrawling domain's web servers... up to 50 max links.
1039
1040 + URL to crawl: http://mail.devletarsivleri.gov.tr.
1041 + Date: 2019-10-18
1042
1043 + Crawling URL: http://mail.devletarsivleri.gov.tr.:
1044 + Links:
1045 + Crawling http://mail.devletarsivleri.gov.tr. (400 Bad Request)
1046 + Searching for directories...
1047 + Searching open folders...
1048
1049
1050 + URL to crawl: https://mail.devletarsivleri.gov.tr.
1051 + Date: 2019-10-18
1052
1053 + Crawling URL: https://mail.devletarsivleri.gov.tr.:
1054 + Links:
1055 + Crawling https://mail.devletarsivleri.gov.tr.
1056 + Searching for directories...
1057 + Searching open folders...
1058
1059
1060 + URL to crawl: http://mail.devletarsivleri.gov.tr.:8008
1061 + Date: 2019-10-18
1062
1063 + Crawling URL: http://mail.devletarsivleri.gov.tr.:8008:
1064 + Links:
1065 + Crawling http://mail.devletarsivleri.gov.tr.:8008 (timed out)
1066 + Searching for directories...
1067 + Searching open folders...
1068
1069--Finished--
1261#######################################################################################################################################
1262dnsenum VERSION:1.2.6
1263
1264----- 212.175.8.35 -----
1265
1266
1267Host's addresses:
1268__________________
1269
1270
1271
1272Name Servers:
1273______________
1274
1275ns1.sihirhosting.com. 3197 IN A 176.53.10.89
1276ns2.sihirhosting.com. 3600 IN A 167.99.138.232
1277
1278
1279Mail (MX) Servers:
1280___________________
1281
1282
1283
1284Trying Zone Transfers and getting Bind Versions:
1285_________________________________________________
1286
1287
1288Trying Zone Transfer for 212.175.8.35 on ns1.sihirhosting.com ...
1289
1290Trying Zone Transfer for 212.175.8.35 on ns2.sihirhosting.com ...
1291
1292
1293Brute forcing with /usr/share/dnsenum/dns.txt:
1294_______________________________________________
1295
1308
1309
1310212.175.8.35 class C netranges:
1311________________________________
1312
1313
1314
1315Performing reverse lookup on 0 ip addresses:
1316_____________________________________________
1317
1318
13190 results out of 0 IP addresses.
1320
1321
1322212.175.8.35 ip blocks:
1323________________________
1324#######################################################################################################################################
1325Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-18 01:01 EDT
1326Nmap scan report for 212.175.8.35
1327Host is up (0.20s latency).
1328Not shown: 995 filtered ports, 3 closed ports
1329Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1330PORT STATE SERVICE
133180/tcp open http
1332443/tcp open https
1333
1334Nmap done: 1 IP address (1 host up) scanned in 15.16 seconds
1335#######################################################################################################################################
1336Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-18 01:02 EDT
1337Nmap scan report for 212.175.8.35
1338Host is up (0.20s latency).
1339Not shown: 2 filtered ports
1340PORT STATE SERVICE
134153/udp open|filtered domain
134267/udp open|filtered dhcps
134368/udp open|filtered dhcpc
134469/udp open|filtered tftp
134588/udp open|filtered kerberos-sec
1346123/udp open|filtered ntp
1347139/udp open|filtered netbios-ssn
1348161/udp open|filtered snmp
1349162/udp open|filtered snmptrap
1350389/udp open|filtered ldap
1351500/udp open|filtered isakmp
1352520/udp open|filtered route
13532049/udp open|filtered nfs
1354
1355Nmap done: 1 IP address (1 host up) scanned in 6.44 seconds
1356#######################################################################################################################################
1357HTTP/1.1 404 Not Found
1358Content-Length: 315
1359Content-Type: text/html; charset=us-ascii
1360Server: Microsoft-HTTPAPI/2.0
1361Date: Fri, 18 Oct 2019 04:51:04 GMT
1362Connection: close
1363#######################################################################################################################################
1364
1365wig - WebApp Information Gatherer
1366
1367
1368Scanning http://212.175.8.35...
1369____________________________________________ SITE INFO _____________________________________________
1370IP Title
1371212.175.8.35
1372
1373_____________________________________________ VERSION ______________________________________________
1374Name Versions Type
1375microsoft-httpapi 2.0 Platform
1376Microsoft Windows 7 OS
1377Microsoft Windows Server 2003 SP2 | 2003 SP3 | 2008 | 2008 R2 | 2012 | 2012 R2 OS
1378
____________________________________________________________________________________________________
Time: 37.6 sec Urls: 599 Fingerprints: 40401
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-18 01:03 EDT
NSE: Loaded 163 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 01:03
Completed NSE at 01:03, 0.00s elapsed
Initiating NSE at 01:03
Completed NSE at 01:03, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 01:03
Completed Parallel DNS resolution of 1 host. at 01:03, 1.77s elapsed
Initiating SYN Stealth Scan at 01:03
Scanning 212.175.8.35 [1 port]
Discovered open port 80/tcp on 212.175.8.35
Completed SYN Stealth Scan at 01:03, 0.33s elapsed (1 total ports)
Initiating Service scan at 01:03
Scanning 1 service on 212.175.8.35
Completed Service scan at 01:03, 6.48s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against 212.175.8.35
Retrying OS detection (try #2) against 212.175.8.35
Initiating Traceroute at 01:03
Completed Traceroute at 01:03, 3.28s elapsed
Initiating Parallel DNS resolution of 11 hosts. at 01:03
Completed Parallel DNS resolution of 11 hosts. at 01:03, 1.80s elapsed
NSE: Script scanning 212.175.8.35.
Initiating NSE at 01:03
NSE: [http-wordpress-enum 212.175.8.35:80] got no answers from pipelined queries
Completed NSE at 01:06, 199.42s elapsed
Initiating NSE at 01:06
Completed NSE at 01:06, 2.00s elapsed
Nmap scan report for 212.175.8.35
Host is up (0.28s latency).

PORT STATE SERVICE VERSION
80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| http-brute:
|_ Path "/" does not require authentication
|_http-chrono: Request times for /; avg: 16143.40ms; min: 16047.00ms; max: 16499.84ms
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-date: Fri, 18 Oct 2019 04:52:16 GMT; -11m28s from local time.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-errors:
| Spidering limited to: maxpagecount=40; withinhost=212.175.8.35
| Found the following error pages:
|
| Error Code: 404
|_ http://212.175.8.35:80/
|_http-feed: Couldn't find any feeds.
|_http-fetch: Please enter the complete path of the directory to save data in.
| http-headers:
| Content-Type: text/html; charset=us-ascii
| Server: Microsoft-HTTPAPI/2.0
| Date: Fri, 18 Oct 2019 04:52:16 GMT
| Connection: close
| Content-Length: 315
|
|_ (Request type: GET)
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-mobileversion-checker: No mobile version detected.
|_http-security-headers:
| http-sitemap-generator:
| Directory structure:
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-title: Not Found
|_http-traceroute: ERROR: Script execution failed (use -d to debug)
| http-vhosts:
|_127 names had status ERROR
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
| vulscan: VulDB - https://vuldb.com:
1824| [5358] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP TrueType Font Handling memory corruption
1825| [59005] Microsoft Host Integration Server 2004 denial of service
1826| [58492] Microsoft SharePoint Server 2007 Spreadsheet memory corruption
1827| [58491] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
1828| [58490] Microsoft Office Compatibility Pack 2007 Spreadsheet memory corruption
1829| [58489] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
1830| [58488] Microsoft Office 2007/2010 memory corruption
1831| [4412] Microsoft Office 2003/2007 Library Loader unknown vulnerability
1832| [4411] Microsoft Excel 2003 memory corruption
1833| [4409] Microsoft Windows Server 2003/Server 2008 WINS unknown vulnerability
1834| [58240] Microsoft Visio 2003/2007 memory corruption
1835| [58237] Microsoft Visio 2003/2007/2010 memory corruption
1836| [4396] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
1837| [4393] Microsoft Windows Server 2008 DNS Service memory corruption
1838| [4391] Microsoft .NET Framework 2.0 SP2/3.5.1/4 Socket Restriction privilege escalation
1839| [4390] Microsoft Windows Server 2008 Remote Desktop Web Access cross site scripting
1840| [4388] Microsoft Windows 7/Server 2008/Vista File Metadata Parser denial of service
1841| [57691] Microsoft SQL Server 2008 Web Service information disclosure
1842| [57690] Microsoft Excel 2002/2003 Spreadsheet memory corruption
1843| [57689] Microsoft Excel 2002 Spreadsheet memory corruption
1844| [57688] Microsoft Excel 2002 Spreadsheet memory corruption
1845| [57687] Microsoft Excel 2002/2003/2007 Spreadsheet memory corruption
1846| [57686] Microsoft Excel 2002 Spreadsheet memory corruption
1847| [57685] Microsoft Excel 2002/2003/2007 Array Access memory corruption
1848| [57684] Microsoft Excel 2002/2003/2007/2010 Spreadsheet memory corruption
1849| [4369] Microsoft Excel 2002/2003/2007 memory corruption
1850| [4367] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
1851| [4362] Microsoft Windows 7/Server 2008/Vista denial of service
1852| [57420] Microsoft PowerPoint 2002/2003 memory corruption
1853| [4349] Microsoft Office 2004/2007/2008 Presentation File Parser memory corruption
1854| [4348] Microsoft PowerPoint 2002/2003/2007 memory corruption
1855| [57077] Microsoft Excel 2002 Uninitialized Memory memory corruption
1856| [57078] Microsoft Office 2003/2007/Xp docx unknown vulnerability
1857| [57079] Microsoft PowerPoint 2002/2003/2007/2010 memory corruption
1858| [57076] Microsoft Excel 2002/2003 memory corruption
1859| [57075] Microsoft Excel 2002/2003 memory corruption
1860| [57074] Microsoft Excel 2002 memory corruption
1861| [57073] Microsoft Excel 2002/2003/2007/2010 memory corruption
1862| [4334] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 JIT Compiler memory corruption
1863| [4332] Microsoft PowerPoint 2007/2010 memory corruption
1864| [4301] Microsoft Windows Server 2003 SMB Browser Heap-based denial of service
1865| [56475] Microsoft Office 2004/2008 memory corruption
1866| [56414] Microsoft Visio 2002/2003/2007 ELEMENTS.DLL memory corruption
1867| [56413] Microsoft Visio 2002/2003/2007 Exception ORMELEMS.DLL memory corruption
1868| [4298] Microsoft Windows 7/Server 2008 JScript/VBScript Engine information disclosure
1869| [4297] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Compact Font Format Driver privilege escalation
1870| [4296] Microsoft Windows Server 2003/XP LSASS Authentication Request unknown vulnerability
1871| [4295] Microsoft Windows 7/Server 2008 Kerberos weak authentication
1872| [4294] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys unknown vulnerability
1873| [4293] Microsoft Windows Server 2003/XP Kerberos CRC32 Checksum privilege escalation
1874| [4292] Microsoft Windows Server 2003/XP CSRSS Logoff privilege escalation
1875| [4289] Microsoft Excel 2007 Shape Data Parser memory corruption
1876| [4286] Microsoft PowerPoint 2002 SP3/2003 SP3/2004/2007 SP2/2008 OfficeArt Container Parser memory corruption
1877| [4279] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP MHTML cross site scripting
1878| [56176] Microsoft Windows 7/Server 2003/XP fxscover.exe CDrawPoly::Serialize memory corruption
1879| [55772] Microsoft Publisher 2002 pubconv.dll memory corruption
1880| [55771] Microsoft Publisher 2002/2003/2010 memory corruption
1881| [55765] Microsoft Office 2003/Xp Integer memory corruption
1882| [55764] Microsoft Office 2003/Xp memory corruption
1883| [55750] Microsoft Publisher 2002/2003 pubconv.dll memory corruption
1884| [55749] Microsoft Publisher 2002/2003/2007/2010 pubconv.dll memory corruption
1885| [55748] Microsoft Publisher 2002/2003/2007 pubconv.dll memory corruption
1886| [4230] Microsoft Exchange 2007 on 64-bit RPC store.exe MAPI Request denial of service
1887| [4229] Microsoft SharePoint 2007 Document Conversion Launcher Service Eingabeungültigkeit
1888| [4228] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
1889| [4224] Microsoft Windows 7/Server 2008/Vista Consent User Interface privilege escalation
1890| [4231] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys GreEnableEUDC denial of service
1891| [55420] Microsoft Office 2007/2010 memory corruption
1892| [55419] Microsoft Office 2004/2008/2011/Xp memory corruption
1893| [55412] Microsoft PowerPoint Viewer 2007 memory corruption
1894| [55411] Microsoft PowerPoint 2002/2003 memory corruption
1895| [4204] Microsoft Windows Server 2008 Color Control Panel Eingabeungültigkeit
1896| [54995] Microsoft Office 2004/2008 memory corruption
1897| [54994] Microsoft Office 2004/2008 Out-of-Bounds memory corruption
1898| [54993] Microsoft Office Compatibility Pack 2007 memory corruption
1899| [54992] Microsoft Excel 2002 memory corruption
1900| [54991] Microsoft Office 2004 Future memory corruption
1901| [54990] Microsoft Office 2004 memory corruption
1902| [54989] Microsoft Office 2004/2008 memory corruption
1903| [54988] Microsoft Excel 2002 memory corruption
1904| [54987] Microsoft Excel 2002 memory corruption
1905| [54986] Microsoft Excel 2002/2003 memory corruption
1906| [54985] Microsoft Office Compatibility Pack 2003/2004/2007/2008 memory corruption
1907| [54984] Microsoft Office 2004/2008 memory corruption
1908| [54983] Microsoft Excel 2002 Integer memory corruption
1909| [54980] Microsoft Word 2002/2003 memory corruption
1910| [54979] Microsoft Word 2002 memory corruption
1911| [54978] Microsoft Word 2002 memory corruption
1912| [54977] Microsoft Word 2002 Heap-based memory corruption
1913| [54976] Microsoft Word 2002 memory corruption
1914| [54975] Microsoft Word 2002 memory corruption
1915| [54974] Microsoft Word 2002 memory corruption
1916| [54973] Microsoft Word 2002 memory corruption
1917| [54972] Microsoft Word 2002 memory corruption
1918| [54971] Microsoft Word 2002 memory corruption
1919| [4197] Microsoft SharePoint 2007/3.0 cross site scripting
1920| [4196] Microsoft Word 2002/2003/2007/2010 Stack-based memory corruption
1921| [4194] Microsoft Windows 7/Server 2008/Vista SChannel Client Certificate Request denial of service
1922| [54774] Microsoft Word 2003 word_crash_11.8326.8324_poc.doc denial of service
1923| [54757] Microsoft SharePoint Server 2007 HTML Sanitization SafeHTML cross site scripting
1924| [4186] Microsoft Outlook 2002/2003/2007 Content Parser Heap-based memory corruption
1925| [54584] Microsoft Visual C++ 2005 AtlTraceTool8.exe unknown vulnerability
1926| [54554] Microsoft Groove 2007 mso.dll memory corruption
1927| [4187] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack Ipv4SetEchoRequestCreate denial of service
1928| [54322] Microsoft Word 2002/2003 memory corruption
1929| [54321] Microsoft Office Compatibility Pack 2007 memory corruption
1930| [54320] Microsoft Office Compatibility Pack 2007 memory corruption
1931| [54319] Microsoft Office Compatibility Pack 2007 memory corruption
1932| [54318] Microsoft .NET Framework 2.0 SP1/2.0 SP2/3.5/3.5 SP1/3.5.1 Interfaces memory corruption
1933| [4165] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
1934| [4162] Microsoft Windows 7/Server 2008/Vista Kernel memory corruption
1935| [4159] Microsoft Excel 2002/2003 SXDB PivotTable Cache Data Record memory corruption
1936| [4149] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Shell Shortcut Parser memory corruption
1937| [54083] Microsoft Access 2003 ActiveX Control ACCWIZ.dll memory corruption
1938| [4146] Microsoft Outlook 2002/2003/2007 SMB Attachment PR_ATTACH_METHOD memory corruption
1939| [4145] Microsoft Access 2003/2007 ActiveX ACCWIZ.dll memory corruption
1940| [54617] Microsoft Outlook Web Access up to 2007 cross site request forgery
1941| [4151] Microsoft Windows Server 2008/Vista NtUserCheckAccessForIntegrityLevel memory corruption
1942| [53591] Microsoft Windows Server 2003 GetServerName cross site scripting
1943| [53505] Microsoft Excel 2002/2007 memory corruption
1944| [53501] Microsoft Excel 2002 memory corruption
1945| [53500] Microsoft Excel 2002 memory corruption
1946| [53499] Microsoft Excel 2002 memory corruption
1947| [53495] Microsoft Excel 2002/2003/2007 memory corruption
1948| [53494] Microsoft Excel 2002 Stack-based memory corruption
1949| [53504] Microsoft Excel 2002 memory corruption
1950| [53503] Microsoft Excel 2002 Stack-Based memory corruption
1951| [53502] Microsoft Excel 2002 Heap-based memory corruption
1952| [53498] Microsoft Excel 2002 Stack-based memory corruption
1953| [53497] Microsoft Excel 2002 memory corruption
1954| [53496] Microsoft Excel 2002 memory corruption
1955| [53493] Microsoft Excel 2002/2003/2007 memory corruption
1956| [4133] Microsoft Office 2003/2007/Xp COM Object Instantiator memory corruption
1957| [53366] Microsoft ASP.NET 2.0 cross site scripting
1958| [53385] Microsoft Exchange Server 2007 Outlook Web Access cross site scripting
1959| [53164] Microsoft Office 2003/2007/Xp ActiveX Control VBE6.DLL memory corruption
1960| [53054] Microsoft VISIO 2002/2003/2007 VISIODWG.DLL memory corruption
1961| [4125] Microsoft SharePoint 2007/3.0 help.aspx cross site scripting
1962| [52777] Microsoft Publisher 2002/2003/2007 memory corruption
1963| [52773] Microsoft Visio 2002/2003/2007 memory corruption
1964| [52772] Microsoft Visio 2002/2003/2007 memory corruption
1965| [4107] Microsoft Windows 7/Server 2008 Kernel denial of service
1966| [4103] Microsoft Windows Server 2003 Media Services Stack-based memory corruption
1967| [52543] Microsoft Virtual PC 2007 unknown vulnerability
1968| [52148] Microsoft Office 2004/2007/2008 Uninitialized Memory memory corruption
1969| [52147] Microsoft Office 2004/2007/2008 Spreadsheet Uninitialized Memory memory corruption
1970| [52146] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
1971| [52145] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
1972| [52144] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
1973| [52143] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
1974| [4090] Microsoft Excel 2002/2003/2007 memory corruption
1975| [52036] Microsoft Windows 2000 MsgBox memory corruption
1976| [51995] Microsoft SharePoint Server up to 2006 cross site scripting
1977| [51810] Microsoft Office 2004/Xp MSO.DLL memory corruption
1978| [51802] Microsoft PowerPoint 2003 Stack-based memory corruption
1979| [51801] Microsoft PowerPoint 2003 Stack-based memory corruption
1980| [51800] Microsoft PowerPoint 2002/2003 Use-After-Free memory corruption
1981| [51799] Microsoft PowerPoint 2002/2003 memory corruption
1982| [51798] Microsoft PowerPoint 2002/2003 Heap-based memory corruption
1983| [4082] Microsoft PowerPoint 2002 SP3 memory corruption
1984| [54550] Microsoft PowerPoint 2007 rpawinet.dll memory corruption
1985| [54556] Microsoft Visio 2003 mfc71enu.dll unknown vulnerability
1986| [51497] Microsoft Windows Live Messenger 2009 ActiveX Control msnmsgr.exe denial of service
1987| [51133] Microsoft Windows 2000 SP4/Server 2003 SP2/SP3/XP SP2 memory corruption
1988| [51074] Microsoft Office 2002/2003 Integer memory corruption
1989| [4069] Microsoft Project 2003/2007 Project Memory Validator memory corruption
1990| [50794] Microsoft Office 2004/2008 Spreadsheet memory corruption
1991| [50793] Microsoft Office 2004/2008 Spreadsheet memory corruption
1992| [50792] Microsoft Office 2004/2008 Spreadsheet memory corruption
1993| [50791] Microsoft Office 2004/2008 Spreadsheet memory corruption
1994| [50790] Microsoft Office 2004/2008 Spreadsheet Heap-based memory corruption
1995| [50788] Microsoft Office 2004/2008 Spreadsheet memory corruption
1996| [50787] Microsoft Office 2004/2008 Spreadsheet memory corruption
1997| [50786] Microsoft Windows 2000 llssrv.exe memory corruption
1998| [50789] Microsoft Office 2004/2008 Spreadsheet memory corruption
1999| [4056] Microsoft Word 2002/2003 File Information Block Parser Stack-based memory corruption
2000| [50660] Microsoft SharePoint Server 2007 unknown vulnerability
2001| [50443] Microsoft PowerPoint 2007 Integer memory corruption
2002| [50432] Microsoft .NET Framework 2.0/2.0 SP1/2.0 SP2/3.5/3.5 SP1 memory corruption
2003| [49866] Microsoft Windows Server 2003 memory corruption
2004| [4031] Microsoft Windows Server 2008/Vista SMB Processor EducatedScholar memory corruption
2005| [4030] Microsoft Windows Server 2008/Vista Wireless LAN AutoConfig Service Heap-based memory corruption
2006| [4029] Microsoft Windows 2000/XP TCP/IP Window Size denial of service
2007| [49745] Microsoft Windows Server 2003 denial of service
2008| [49395] Microsoft Office 2000/2003/XP Office Web Components Heap-based memory corruption
2009| [49394] Microsoft Windows Server 2003 memory corruption
2010| [49389] Microsoft Office 2000/2003/XP Office Web Components memory corruption
2011| [49390] Microsoft Office 2000/2003/XP Office Web Components memory corruption
2012| [49198] Microsoft Visual Studio 2005 information disclosure
2013| [49047] Microsoft Virtual Server 2005 privilege escalation
2014| [49046] Microsoft Windows Server 2003 quartz.dll memory corruption
2015| [49045] Microsoft Windows Server 2003 quartz.dll memory corruption
2016| [49044] Microsoft ISA Server 2006 privilege escalation
2017| [3999] Microsoft Office 2007 Pointer memory corruption
2018| [4000] Microsoft Office 2003/Sp3/Xp Web Components memory corruption
2019| [48894] Microsoft Windows Server 2003 msvidctl.dll memory corruption
2020| [48572] Microsoft PowerPoint 2002 FL21WIN.DLL memory corruption
2021| [48517] Microsoft Windows 2000 Memory Leak memory corruption
2022| [48516] Microsoft Windows Server 2008 unknown vulnerability
2023| [48512] Microsoft Windows Server 2008 unknown vulnerability
2024| [48515] Microsoft Office Word Viewer 2003 memory corruption
2025| [48514] Microsoft Office Word Viewer 2003 Stack-based memory corruption
2026| [48554] Microsoft Excel 2000/2003/2007 memory corruption
2027| [48157] Microsoft PowerPoint 2002 Sound memory corruption
2028| [48156] Microsoft PowerPoint 2000 Stack-based memory corruption
2029| [48154] Microsoft PowerPoint 2002 Sound PP7X32.DLL memory corruption
2030| [48152] Microsoft PowerPoint 2002 PP4X32.DLL memory corruption
2031| [48150] Microsoft PowerPoint 2002 Sound memory corruption
2032| [48147] Microsoft PowerPoint 2002 Sound memory corruption
2033| [48146] Microsoft PowerPoint 2002 Integer memory corruption
2034| [48155] Microsoft PowerPoint 2002 Notes Container Heap-based memory corruption
2035| [48153] Microsoft PowerPoint 2002 Sound memory corruption
2036| [48151] Microsoft PowerPoint 2002 Stack-based memory corruption
2037| [48149] Microsoft PowerPoint 2002 memory corruption
2038| [48148] Microsoft PowerPoint 2002 Sound memory corruption
2039| [3974] Microsoft PowerPoint 2000/2002/2003 Sound Data Stack-based memory corruption
2040| [3973] Microsoft PowerPoint 2000/2002/2003 Notes Container Stack-based memory corruption
2041| [3972] Microsoft PowerPoint 2000/2002/2003 BuildList memory corruption
2042| [3971] Microsoft PowerPoint 2000/2002/2003 Object Stack-based memory corruption
2043| [3970] Microsoft PowerPoint 2000/2002/2003 Paragraph Stack-based memory corruption
2044| [3969] Microsoft PowerPoint 2000/2002/2003 Atom Stack-based memory corruption
2045| [47719] Microsoft Windows 2000 Stack-based memory corruption
2046| [47720] Microsoft Internet Security And Acceleration Server 2006 Forms Authentication cookieauth.dll cross site scripting
2047| [47716] Microsoft Office Converter Pack 2003 WPFT632.CNV memory corruption
2048| [47715] Microsoft Windows 2000 Wordpad memory corruption
2049| [47718] Microsoft Excel 2000/2002/2003/2007 Spreadsheet memory corruption
2050| [3960] Microsoft Windows 2000/Server 2003/XP DirectShow MJPEG memory corruption
2051| [3952] Microsoft ISA Server 2004/2006 denial of service
2052| [3946] Microsoft PowerPoint 2000/2002/2003/2004 memory corruption
2053| [47091] Microsoft Windows Server 2008 unknown vulnerability
2054| [47090] Microsoft Windows Server 2008 unknown vulnerability
2055| [3939] Microsoft Windows 2000 DNS spoofing
2056| [3938] Microsoft Windows 2000 SSL weak authentication
2057| [3937] Microsoft Windows 2000 memory corruption
2058| [3932] Microsoft Excel 2000/2002/2003/2004/2007 Object Reference memory corruption
2059| [46620] Microsoft Windows Live Messenger 2009 msnmsgr.exe denial of service
2060| [46455] Microsoft Exchange Server 2007 denial of service
2061| [46454] Microsoft Exchange Server 2007 memory corruption
2062| [46453] Microsoft Visio 2002/2003/2007 memory corruption
2063| [46452] Microsoft Visio 2002/2003/2007 memory corruption
2064| [46451] Microsoft Visio 2002/2003/2007 memory corruption
2065| [46327] Microsoft Word 2007 information disclosure
2066| [45758] Microsoft Money 2006 ActiveX Control prtstb06.dll denial of service
2067| [45381] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
2068| [45380] Microsoft Windows Server 2008/Vista SP1 Search memory corruption
2069| [45379] Microsoft Office SharePoint Server 2007 denial of service
2070| [3896] Microsoft SQL Server up to 2005 sp_replwritetovarbin memory corruption
2071| [3892] Microsoft Excel 2000/2002/2003 Formula memory corruption
2072| [3891] Microsoft Excel 2000/2002/2003 memory corruption
2073| [3890] Microsoft Excel 2000/2002/2003 NAME Index memory corruption
2074| [3889] Microsoft Word 2000/2002/2003/2007 Table Property Stack-based memory corruption
2075| [3888] Microsoft Word 2000/2002/2003/2007 RTF Stylesheet memory corruption
2076| [3887] Microsoft Word 2000/2002/2003/2007 memory corruption
2077| [3886] Microsoft Word 2000/2002/2003/2007 ControlWord Heap-based memory corruption
2078| [3885] Microsoft Word 2000/2002/2003/2007 memory corruption
2079| [3884] Microsoft Word 2000/2002/2003/2007 memory corruption
2080| [3883] Microsoft Word 2000/2002/2003/2007 RTF Heap-based memory corruption
2081| [3882] Microsoft Word 2000/2002/2003/2007 LFO memory corruption
2082| [3880] Microsoft Visual Basic up to 2003 ActiveX Control Mschrt20.ocx memory corruption
2083| [3879] Microsoft Visual Basic up to 2003 ActiveX Control mscomct2.ocx memory corruption
2084| [3878] Microsoft Visual Basic up to 2003 ActiveX Control mshflxgd.ocx memory corruption
2085| [3877] Microsoft Visual Basic up to 2003 ActiveX Control msflxgrd.ocx memory corruption
2086| [3876] Microsoft Visual Basic up to 2003 ActiveX Control msdatgrd.ocx memory corruption
2087| [45197] Microsoft Windows 2000 nskey.dll memory corruption
2088| [45063] Microsoft Windows Server 2003 Active Directory unknown vulnerability
2089| [45040] Microsoft .NET Framework 2.0.50727 Code Access Security unknown vulnerability
2090| [44855] DjVu Activex Control For Microsoft Office 2000 3.0 ActiveX Control DjVu_ActiveX_MSOffice.dll memory corruption
2091| [44665] Microsoft Peachtree Accounting 2004 ActiveX Control PAWWeb11.ocx unknown vulnerability
2092| [44589] Microsoft Exchange Server 2003 Outlook Web Access unknown vulnerability
2093| [3845] Microsoft Windows 2000 SP4 Active Directory memory corruption
2094| [44533] Microsoft Windows 2000 mqsvc.exe memory corruption
2095| [3844] Microsoft Excel 2003 REPT memory corruption
2096| [3843] Microsoft Excel up to 2007 BIFF File Heap-based memory corruption
2097| [3842] Microsoft Excel 2003 VBA Performance Cache Stack-based memory corruption
2098| [44405] Microsoft Digital Image 2006 ActiveX Control PipPPush.DLL unknown vulnerability
2099| [44047] Microsoft SQL Server 2000 ActiveX Control SQLVDIRLib.SQLVDirControl memory corruption
2100| [43981] Microsoft Organization Chart 2.00 orgchart.exe memory corruption
2101| [43957] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
2102| [43956] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
2103| [43955] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
2104| [43952] Microsoft Office 2003/2007/Xp URI memory corruption
2105| [43676] Microsoft Windows 2000/Server 2003/Vista/XP memory corruption
2106| [43675] Microsoft Windows 2000/Server 2003/Vista/XP of memory corruption
2107| [43662] Microsoft PowerPoint Viewer 2000 SP3/2002 SP3/2003 SP2/2007 SP1 memory corruption
2108| [43661] Microsoft PowerPoint Viewer 2003 memory corruption
2109| [43660] Microsoft PowerPoint Viewer 2003 Integer memory corruption
2110| [43657] Microsoft Office 2000/2003/Xp memory corruption
2111| [43654] Microsoft SharePoint Server 2007 memory corruption
2112| [43653] Microsoft Office 2000/2002/2004/2008 memory corruption
2113| [43652] Microsoft Office 2000/2002/2003/2004/2008 memory corruption
2114| [3797] Microsoft Windows Server 2008/Vista IPsec Policy Designfehler
2115| [3796] Microsoft Office 2000 WPG memory corruption
2116| [3795] Microsoft Office 2000/2003/Xp BMP Image BMPIMP32.FLT memory corruption
2117| [3794] Microsoft Office 2000/2003/Xp PICT bits_per_pixel memory corruption
2118| [3793] Microsoft Office 2000/2003/Xp PICT memory corruption
2119| [3792] Microsoft Office 2000 EPS File memory corruption
2120| [3783] Microsoft Word 2002 memory corruption
2121| [43103] Microsoft Exchange Srv 2007 Sp1 Outlook Web Access cross site scripting
2122| [43102] Microsoft Windows 2000 SP4/Server 2003 SP2/Server 2008 DNS Cache privilege escalation
2123| [3778] Microsoft Exchange 2003/2007 Outlook Web Access cross site scripting
2124| [3777] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
2125| [43087] Microsoft Office Snapshot Viewer ActiveX up to Office 2003 Snapshot Viewer ActiveX Control snapview.ocx memory corruption
2126| [43096] Microsoft Publisher 2003/2007 Crypto API unknown vulnerability
2127| [42816] Microsoft Word 2000/2003 memory corruption
2128| [42732] Microsoft Windows Server 2003/Vista/XP denial of service
2129| [42731] Microsoft Windows Server 2003 denial of service
2130| [3732] Microsoft Windows 2000/Server 2003 WINS memory corruption
2131| [3701] Microsoft Word 2003 CSS Heap-based memory corruption
2132| [3700] Microsoft Word 2003 RTF Document Heap-based memory corruption
2133| [42065] Microsoft SharePoint Server 2.0 Rich Text Editor cross site scripting
2134| [41881] Microsoft Office 2003/2007/2007 Sp1/Xp memory corruption
2135| [41880] Microsoft Project 2000/2002/2003 memory corruption
2136| [41879] Microsoft Windows 2000/Server 2003/Vista Stack-based memory corruption
2137| [41878] Microsoft Windows 2000/Server 2003/Vista spoofing
2138| [41877] Microsoft Windows Server 2003 vbscript.dll memory corruption
2139| [3671] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 memory corruption
2140| [3670] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 Object memory corruption
2141| [41455] Microsoft Office 2000/2003/2004/Xp memory corruption
2142| [41454] Microsoft Excel 2000/2002/2003/2007 memory corruption
2143| [41453] Microsoft Excel 2000/2002/2003 memory corruption
2144| [41452] Microsoft Excel 2000/2002/2003/2007 memory corruption
2145| [41451] Microsoft Excel 2000/2002/2003 memory corruption
2146| [41450] Microsoft Excel 2000 memory corruption
2147| [41449] Microsoft Excel 2000/2002/2003 memory corruption
2148| [41448] Microsoft Office 2000/Xp Office Web Components memory corruption
2149| [3648] Microsoft Excel 2003 memory corruption
2150| [3647] Microsoft Outlook up to 2007 mailto URI memory corruption
2151| [41003] Microsoft Office 2000/2003/2004/Xp memory corruption
2152| [41002] Microsoft Office 2000/2003/Xp memory corruption
2153| [41001] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
2154| [41000] Microsoft Works 2005/8.0 memory corruption
2155| [40998] Microsoft Publisher 2000/2002/2003 memory corruption
2156| [40994] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
2157| [40987] Microsoft Windows 2000 denial of service
2158| [40736] Microsoft ActiveX 2.0 ActiveX Control privilege escalation
2159| [3552] Microsoft Excel 2000/2002/2003 File memory corruption
2160| [40242] Microsoft Publisher 2000/2002/2003/2007 Crash denial of service
2161| [40020] Microsoft Office 2007 ZIP Container unknown vulnerability
2162| [39769] Microsoft Windows 2000 cryptgenrandom weak encryption
2163| [39749] Microsoft Windows 2000 msjet40.dll memory corruption
2164| [39655] Microsoft Windows Server 2003 spoofing
2165| [39324] Microsoft Windows Mobile 2005 SMS unknown vulnerability
2166| [3373] Microsoft Word 2000/2002 memory corruption
2167| [38999] Microsoft Windows Server 2003 explorer.exe denial of service
2168| [38899] Microsoft ISA Server 2004 information disclosure
2169| [38728] Microsoft SQL Server 2005 Enterprise Manager sqldmo.dll memory corruption
2170| [38326] Microsoft Windows 2000 attemptwrite memory corruption
2171| [3241] Microsoft Excel 2000/2003/2004/XP SP3 rtWnDesk memory corruption
2172| [3223] Microsoft Windows Server 2003/XP URI privilege escalation
2173| [3212] Microsoft DirectX February 2006 RLE Compression Targa Files Heap-based memory corruption
2174| [37739] Microsoft Excel 2000/2002/2003/2004/2007 memory corruption
2175| [37738] Microsoft Office 2002/2003 memory corruption
2176| [3176] Microsoft Excel 2000/2002/2003/2007 File Attribute memory corruption
2177| [3175] Microsoft Excel 2000/2002/2003/2007 Active Worksheet memory corruption
2178| [3174] Microsoft Excel 2000/2002/2003/2007 Version Information memory corruption
2179| [3172] Microsoft Office Publisher 2007 Pointer memory corruption
2180| [37566] Microsoft Excel 2003 unknown vulnerability
2181| [37526] Microsoft Windows 2000/Server 2003 denial of service
2182| [37248] Microsoft Visio 2002 Packaging memory corruption
2183| [37251] Microsoft Windows 2000 memory corruption
2184| [3119] Microsoft Visio 2002 Object memory corruption
2185| [3118] Microsoft Visio 2002 Data memory corruption
2186| [37093] Microsoft Windows Server 2003 Error Message unknown vulnerability
2187| [37010] Microsoft Office 2000 ActiveX Control ouactrl.ocx memory corruption
2188| [36628] Microsoft Word 2000/2002/2003/2004 winword.exe memory corruption
2189| [36616] Microsoft Works 2004/2005/2006 memory corruption
2190| [36621] Microsoft Exchange Server 2000 Integer denial of service
2191| [36620] Microsoft Exchange Server 2000 Outlook Web Access cross site scripting
2192| [36619] Microsoft Exchange Server 2000/2003/2007 MIME Email memory corruption
2193| [36618] Microsoft Exchange Server 2000 NULL Pointer Dereference denial of service
2194| [36617] Microsoft Excel 2000/2002/2003/2004 memory corruption
2195| [36623] Microsoft BizTalk Server 2004 ActiveX Control capicom.dll memory corruption
2196| [3067] Microsoft Office 2000/2003/2004/2007/Xp Drawing Object memory corruption
2197| [3065] Microsoft Excel 2000/2002/2003/2007 Filter Stack-based memory corruption
2198| [3064] Microsoft Excel 2000/2002/2003/2004/2007 set Font memory corruption
2199| [3063] Microsoft Excel 2000/2002/2003/2007 BIFF Record Stack-based memory corruption
2200| [3012] Microsoft Windows 2000/Server 2003 DNS Service Stack-based memory corruption
2201| [36039] Microsoft Content Management Server 2001 memory corruption
2202| [36052] Microsoft Windows 2000 Heap-based memory corruption
2203| [36051] Microsoft Word 2007 file798-1.doc memory corruption
2204| [36050] Microsoft Word 2007 file789-1.doc memory corruption
2205| [36040] Microsoft Content Management Server 2001 cross site scripting
2206| [3004] Microsoft Windows up to 2003/XP URL Parser memory corruption
2207| [36041] Microsoft .NET Framework 2.0.50727.42 cross site scripting
2208| [36002] Microsoft Windows 2000/XP denial of service
2209| [2990] Microsoft Windows 2000/Vista/XP Animated Cursor Stack-based memory corruption
2210| [36515] Microsoft Windows 2000/Server 2003/XP memory corruption
2211| [35846] Microsoft Windows 2000/Server 2003 Default Configuration information disclosure
2212| [35373] Microsoft Excel 2003 denial of service
2213| [35372] Microsoft Office 2003 denial of service
2214| [35206] Microsoft Windows Server 2003/XP Crash denial of service
2215| [35161] Microsoft ISA Server 2004 unknown vulnerability
2216| [35236] Microsoft Publisher 2007 memory corruption
2217| [2939] Microsoft Word 2000 memory corruption
2218| [34994] Microsoft Windows 2000 OLE Dialog memory corruption
2219| [34993] Microsoft Office 2000/2003/Xp memory corruption
2220| [35001] Microsoft Office 2000/2003/2004/Xp memory corruption
2221| [35000] Microsoft Word 2000/2002/2003 memory corruption
2222| [2933] Microsoft Windows 2000 SP4/Server 2003 SP1/XP SP2 OLE Dialog Stack-based memory corruption
2223| [2894] Microsoft Office 2000/2003/2004/Xp Undefined String Format String
2224| [2884] Microsoft Word 2000/2002/2003 memory corruption
2225| [34321] Microsoft Office 2000/2003/2004/Xp Spreadsheet Heap-based memory corruption
2226| [34320] Microsoft Office 2000/2003/2004/Xp memory corruption
2227| [34319] Microsoft Office 2000/2003/2004/Xp memory corruption
2228| [34318] Microsoft Office 2000/2003/2004/Xp memory corruption
2229| [34322] Microsoft Office 2000/2003/Xp memory corruption
2230| [2811] Microsoft Windows 2000/Server 2003/XP VML Vector Markup Language Integer memory corruption
2231| [2810] Microsoft Outlook 2000/2002/2003 Office Saved Search OSS File memory corruption
2232| [2809] Microsoft Outlook 2000/2002/2003 Header denial of service
2233| [2808] Microsoft Outlook 2000/2002/2003 Meeting VEVENT memory corruption
2234| [2807] Microsoft Excel 2000/2002/2003 XLS File memory corruption
2235| [34126] Microsoft Office 2003 memory corruption
2236| [34122] Microsoft Office Web Components 2000 memory corruption
2237| [2789] Microsoft Windows 2000/XP RPC Request NetrWkstaUserEnum denial of service
2238| [2765] Microsoft Project Server 2003 pdsrequest.asp weak authentication
2239| [33851] Microsoft Word 2000/2002/2003 12122006-djtest.doc memory corruption
2240| [2739] Microsoft Windows 2000 Remote Installation Service Fehlende Authentifizierung
2241| [2738] Microsoft Windows 2000/Server 2003/XP SNMP memory corruption
2242| [2737] Microsoft Windows Server 2003/XP Manifest denial of service
2243| [33766] Microsoft Word 2000/2002/2003 memory corruption
2244| [2718] Microsoft Word 2000/2002/2003 DOC Document memory corruption
2245| [2717] Microsoft Windows 2000 Print Spooler Memory Consumption denial of service
2246| [2689] Microsoft Windows up to 2000 SP4 Active Directory denial of service
2247| [2688] Microsoft Windows 2000/Server 2003/XP Client Service for Netware denial of service
2248| [2687] Microsoft Windows 2000/Server 2003/XP Agent ActiveX ACF File Heap-based memory corruption
2249| [2686] Microsoft Windows 2000/Server 2003/XP Client Service for Netware memory corruption
2250| [2684] Microsoft Windows 2000/XP Workstation Service Stack-based memory corruption
2251| [2659] Microsoft Windows 2000/XP GDI Crash memory corruption
2252| [2655] Microsoft Windows 2000/Server 2003/XP XML Core Services memory corruption
2253| [33067] Microsoft Visual Studio .net 2005 ActiveX Control wmiscriptutils.dll memory corruption
2254| [2610] Microsoft PowerPoint 2003 PPT Document NULL Pointer Dereference denial of service
2255| [32693] Microsoft Word 2004 memory corruption
2256| [32686] Microsoft Office 2000/2001/2003/2004 Integer memory corruption
2257| [32690] Microsoft Office 2000/2003/2004/Xp memory corruption
2258| [32676] Microsoft Office 2000/2001/2003/2004 memory corruption
2259| [32675] Microsoft Office 2000/2003/2004/Xp memory corruption
2260| [32694] Microsoft Windows 2000 memory corruption
2261| [32689] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
2262| [32688] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
2263| [32687] Microsoft Word 2000/2002 memory corruption
2264| [32685] Microsoft Office 2000/2001/2003/2004 memory corruption
2265| [2601] Microsoft Windows Server 2003/XP IPv6 Stack denial of service
2266| [2600] Microsoft Windows Server 2003/XP IPv6 Stack TCP denial of service
2267| [2599] Microsoft Windows Server 2003/XP IPv6 Stack ICMP denial of service
2268| [2598] Microsoft Windows Server 2003/XP Object Packager privilege escalation
2269| [2597] Microsoft Office 2003/Xp Smart-Tag Parser memory corruption
2270| [2596] Microsoft Office 2000/2003/2004/Xp Value Read memory corruption
2271| [2595] Microsoft Office 2000/2001/2003/2004 Diagram Value memory corruption
2272| [2594] Microsoft Office 2000/2001/2003/2004 Document memory corruption
2273| [2593] Microsoft ASP.NET 2.0 cross site scripting
2274| [141652] Microsoft Windows up to Server 2019 Common Log File System Driver information disclosure
2275| [141639] Microsoft SharePoint Foundation 2013 SP1 cross site request forgery
2276| [141637] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
2277| [141636] Microsoft ASP.NET Core 2.1/2.2/3.0 Project Template privilege escalation
2278| [141635] Microsoft .NET Core 2.1/2.2 denial of service
2279| [141633] Microsoft Excel up to 2019 memory corruption
2280| [141631] Microsoft Windows up to Server 2019 SMB Client Driver information disclosure
2281| [141630] Microsoft Windows up to Server 2019 denial of service
2282| [141629] Microsoft Windows up to Server 2019 Update Delivery Optimization privilege escalation
2283| [141627] Microsoft Windows up to Server 2019 GDI information disclosure
2284| [141626] Microsoft Windows up to Server 2019 Win32k memory corruption
2285| [141621] Microsoft Windows up to Server 2019 Kernel information disclosure
2286| [141620] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
2287| [141619] Microsoft Windows up to Server 2019 ALPC privilege escalation
2288| [141618] Microsoft Windows up to Server 2019 hdAudio.sys privilege escalation
2289| [141617] Microsoft Windows up to Server 2019 Store Installer privilege escalation
2290| [141616] Microsoft Windows up to Server 2019 ALPC privilege escalation
2291| [141615] Microsoft Windows up to Server 2019 Winlogon privilege escalation
2292| [141614] Microsoft Windows up to Server 2019 Compatibility Appraiser privilege escalation
2293| [141611] Microsoft Office up to 2019 Security Feature privilege escalation
2294| [141610] Microsoft Excel up to 2019 information disclosure
2295| [141609] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
2296| [141608] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site request forgery
2297| [141607] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 privilege escalation
2298| [141606] Microsoft Windows up to Server 2019 Win32k memory corruption
2299| [141605] Microsoft Windows up to Server 2019 Hyper-V information disclosure
2300| [141604] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
2301| [141603] Microsoft Windows up to Server 2019 GDI information disclosure
2302| [141602] Microsoft Windows up to Server 2019 DirectWrite information disclosure
2303| [141601] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2304| [141600] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2305| [141599] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2306| [141598] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2307| [141597] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2308| [141596] Microsoft Windows up to Server 2019 DirectWrite information disclosure
2309| [141595] Microsoft Windows up to Server 2019 DirectWrite information disclosure
2310| [141594] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2311| [141593] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2312| [141592] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2313| [141591] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2314| [141590] Microsoft Windows up to Server 2019 Text Service Framework command injection
2315| [141589] Microsoft Exchange Server 2016 CU12/2016 CU13/2019 CU1/2019 CU2 denial of service
2316| [141583] Microsoft Lync Server 2013 Conference directory traversal
2317| [141581] Microsoft Windows up to Server 2016 Hyper-V denial of service
2318| [141580] Microsoft Windows up to Server 2019 Transaction Manager information disclosure
2319| [141579] Microsoft Windows up to Server 2016 DirectX information disclosure
2320| [141577] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
2321| [141575] Microsoft Windows up to Server 2019 lnk File privilege escalation
2322| [141564] Microsoft SharePoint Enterprise Server 2010 SP1/2013 SP1/2016/2019 Markup Application Package privilege escalation
2323| [141561] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
2324| [141560] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
2325| [139972] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
2326| [139971] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
2327| [139970] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
2328| [139969] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
2329| [139968] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
2330| [139965] Microsoft Windows up to Server 2019 Kernel information disclosure
2331| [139963] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
2332| [139962] Microsoft Windows up to Server 2019 Remote Desktop Protocol denial of service
2333| [139960] Microsoft Windows up to Server 2019 DHCP Server denial of service
2334| [139958] Microsoft Windows up to Server 2019 DHCP Server denial of service
2335| [139957] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
2336| [139956] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 Session Object information disclosure
2337| [139955] Microsoft Windows up to Server 2019 SyncController.dll privilege escalation
2338| [139949] Microsoft Windows up to Server 2019 XmlLite Runtime XmlLite.dll denial of service
2339| [139946] Microsoft Windows up to Server 2019 Core Shell COM Server Registrar COM Call privilege escalation
2340| [139942] Microsoft Windows up to Server 2019 rpcss.dll memory corruption
2341| [139941] Microsoft Windows up to Server 2019 DirectX memory corruption
2342| [139937] Microsoft Windows up to Server 2019 Azure Active Directory information disclosure
2343| [139936] Microsoft Windows up to Server 2019 SymCrypt information disclosure
2344| [139935] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 NTFS privilege escalation
2345| [139934] Microsoft Windows 7 SP1/Server 2018 R2 SP1/Server 2018 SP2 Win32k memory corruption
2346| [139933] Microsoft Windows up to Server 2019 p2pimsvc privilege escalation
2347| [139932] Microsoft Windows up to Server 2019 Kernel memory corruption
2348| [139931] Microsoft Windows up to Server 2019 File Signature Security Feature CAB File privilege escalation
2349| [139930] Microsoft Windows up to Server 2019 ALPC privilege escalation
2350| [139928] Microsoft Windows up to Server 2019 Kernel memory corruption
2351| [139927] Microsoft Windows up to Server 2019 Graphics Component information disclosure
2352| [139926] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2353| [139925] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2354| [139924] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2355| [139922] Microsoft Windows up to Server 2019 Graphics Component information disclosure
2356| [139921] Microsoft Windows up to Server 2019 Graphics Component information disclosure
2357| [139920] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2358| [139919] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2359| [139918] Microsoft Windows up to Server 2019 Graphics Component information disclosure
2360| [139917] Microsoft Windows up to Server 2019 Graphics Component information disclosure
2361| [139916] Microsoft Windows up to Server 2019 XML Core Services MSXML Parser privilege escalation
2362| [139914] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
2363| [139913] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
2364| [139912] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Hyper-V Network Switch denial of service
2365| [139911] Microsoft Windows up to Server 2019 denial of service
2366| [139910] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
2367| [139909] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
2368| [139908] Microsoft Windows up to Server 2019 Bluetooth weak encryption
2369| [139907] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
2370| [139906] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
2371| [139902] Microsoft Word up to 2019 memory corruption
2372| [139901] Microsoft Outlook up to 2019 memory corruption
2373| [139895] Microsoft Windows up to Server 2019 lnk File privilege escalation
2374| [139894] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
2375| [139893] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
2376| [139892] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
2377| [139891] Microsoft Windows up to Server 2019 Font Library memory corruption
2378| [139890] Microsoft Windows up to Server 2019 Font Library memory corruption
2379| [139889] Microsoft Windows up to Server 2019 Font Library memory corruption
2380| [139888] Microsoft Windows up to Server 2019 Font Library memory corruption
2381| [139887] Microsoft Windows up to Server 2019 Font Library memory corruption
2382| [139886] Microsoft Windows up to Server 2019 Font Library memory corruption
2383| [139880] Microsoft Windows up to Server 2019 Hyper-V memory corruption
2384| [139879] Microsoft Windows up to Server 2019 DHCP Client memory corruption
2385| [139878] Microsoft Windows up to Server 2019 Hyper-V Network Switch memory corruption
2386| [139877] Microsoft Outlook up to 2019 memory corruption
2387| [139876] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
2388| [139875] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
2389| [137590] Microsoft ASP.NET Core 2.1/2.2 Open Redirect
2390| [137589] Microsoft Exchange Server 2013 CU23/2016 CU12/2016 CU13/2019 CU1/2019 CU2 cross site scripting
2391| [137588] Microsoft Exchange Server 2010 SP3/2013 CU23/2016 CU12/2016 CU13 Web Services privilege escalation
2392| [137587] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
2393| [137586] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
2394| [137585] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
2395| [137584] Microsoft Windows up to Server 2019 DirectWrite memory corruption
2396| [137583] Microsoft Windows up to Server 2019 DirectWrite memory corruption
2397| [137581] Microsoft Windows up to Server 2019 DirectWrite memory corruption
2398| [137580] Microsoft Windows up to Server 2019 DirectWrite memory corruption
2399| [137579] Microsoft Windows up to Server 2019 DirectWrite memory corruption
2400| [137578] Microsoft Windows up to Server 2019 DirectWrite memory corruption
2401| [137577] Microsoft Windows up to Server 2019 DirectWrite memory corruption
2402| [137576] Microsoft Windows up to Server 2019 DirectWrite memory corruption
2403| [137575] Microsoft Windows up to Server 2019 DirectWrite memory corruption
2404| [137574] Microsoft Windows up to Server 2019 DirectWrite memory corruption
2405| [137568] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
2406| [137563] Microsoft Windows up to Server 2019 DirectWrite information disclosure
2407| [137562] Microsoft Windows up to Server 2019 Win32k information disclosure
2408| [137561] Microsoft Windows up to Server 2019 GDI information disclosure
2409| [137560] Microsoft Windows up to Server 2019 GDI information disclosure
2410| [137559] Microsoft Windows up to Server 2019 DirectWrite information disclosure
2411| [137555] Microsoft Windows up to Server 2019 Audio Service privilege escalation
2412| [137554] Microsoft Windows up to Server 2019 Audio Service privilege escalation
2413| [137553] Microsoft Windows up to Server 2019 Audio Service privilege escalation
2414| [137549] Microsoft Windows up to Server 2016 DLL privilege escalation
2415| [137544] Microsoft Windows up to Server 2019 Kernel information disclosure
2416| [137543] Microsoft Windows up to Server 2019 Kernel information disclosure
2417| [137542] Microsoft SQL Server 2014 SP2/2016 SP1/2017 privilege escalation
2418| [137541] Microsoft Windows up to Server 2019 memory corruption
2419| [137540] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
2420| [137539] Microsoft Windows up to Server 2016 DirectX memory corruption
2421| [137538] Microsoft Windows Server 1803/Server 1903/Server 2016/Server 2019 ADFS Security Feature privilege escalation
2422| [137537] Microsoft Windows up to Server 2019 Hyper-V denial of service
2423| [137535] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
2424| [137533] Microsoft Windows up to Server 2019 SymCrypt denial of service
2425| [137527] Microsoft Windows up to Server 2019 GDI+ memory corruption
2426| [137512] Microsoft Windows up to Server 2019 DHCP memory corruption
2427| [136414] Microsoft Azure DevOps Server 2019 cross site request forgery
2428| [136349] Microsoft Windows up to Server 2019 Event Viewer eventvwr.msc XML External Entity
2429| [136348] Microsoft Windows up to Server 2019 Task Scheduler privilege escalation
2430| [136347] Microsoft Windows up to Server 2019 AppXSVC privilege escalation
2431| [136345] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
2432| [136344] Microsoft Windows up to Server 2019 GDI information disclosure
2433| [136340] Microsoft Windows up to Server 2019 GDI information disclosure
2434| [136337] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
2435| [136336] Microsoft Windows up to Server 2019 Kernel privilege escalation
2436| [136335] Microsoft Windows up to Server 2019 NTLM Downgrade weak authentication
2437| [136334] Microsoft Windows up to Server 2019 Kernel information disclosure
2438| [136333] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
2439| [136330] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
2440| [136329] Microsoft SharePoint Server 2016/2019 cross site scripting
2441| [136328] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
2442| [136327] Microsoft Lync Server 2010/2013 denial of service
2443| [136326] Microsoft Windows up to Server 2019 Audio Service privilege escalation
2444| [136325] Microsoft Windows up to Server 2019 Audio Service privilege escalation
2445| [136324] Microsoft Windows up to Server 2019 Audio Service privilege escalation
2446| [136323] Microsoft Windows up to Server 2019 denial of service
2447| [136321] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Audio Service privilege escalation
2448| [136320] Microsoft Windows up to Server 2019 Audio Service privilege escalation
2449| [136319] Microsoft Windows up to Server 2019 Security Credentials information disclosure
2450| [136318] Microsoft Windows up to Server 2019 DirectX privilege escalation
2451| [136317] Microsoft Windows up to Server 2019 Win32k memory corruption
2452| [136314] Microsoft Windows up to Server 2019 Win32k memory corruption
2453| [136312] Microsoft Windows up to Server 2019 GDI information disclosure
2454| [136310] Microsoft Windows up to Server 2019 GDI information disclosure
2455| [136308] Microsoft Windows up to Server 2019 Audio Service privilege escalation
2456| [136306] Microsoft Windows up to Server 2019 Storage Service privilege escalation
2457| [136305] Microsoft Windows up to Server 2019 User Profile Service privilege escalation
2458| [136304] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
2459| [136303] Microsoft Windows up to Server 2019 Storage Service privilege escalation
2460| [136301] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2461| [136299] Microsoft Windows up to Server 2019 Local Security Authority Subsystem Service Reboot denial of service
2462| [136296] Microsoft Windows up to Server 2019 Common Log File System Driver memory corruption
2463| [136295] Microsoft Windows up to Server 2019 ALPC privilege escalation
2464| [136293] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2465| [136292] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2466| [136291] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2467| [136290] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2468| [136289] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2469| [136288] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2470| [136287] Microsoft Windows up to Server 2019 Hyper-V denial of service
2471| [136286] Microsoft Windows up to Server 2019 Hyper-V denial of service
2472| [136285] Microsoft Windows up to Server 2019 Hyper-V denial of service
2473| [136284] Microsoft Windows up to Server 2019 Kernel memory corruption
2474| [136276] Microsoft Windows up to Server 2019 Hyper-V memory corruption
2475| [136275] Microsoft Windows 10/10 1607/10 1703/10 1709/Server 2016 Hyper-V memory corruption
2476| [136274] Microsoft Windows up to Server 2019 ActiveX memory corruption
2477| [136273] Microsoft Windows up to Server 2019 Hyper-V memory corruption
2478| [134750] Microsoft ASP.NET Core 2.1/2.2 denial of service
2479| [134745] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
2480| [134744] Microsoft Windows up to Server 2019 GDI information disclosure
2481| [134743] Microsoft SharePoint Server 2013 SP1/2016 cross site scripting
2482| [134742] Microsoft SharePoint Enterprise Server 2016/2019 cross site scripting
2483| [134741] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
2484| [134740] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
2485| [134739] Microsoft SharePoint Foundation 2010 SP2/2013 SP2 cross site scripting
2486| [134738] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
2487| [134737] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
2488| [134736] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
2489| [134735] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
2490| [134734] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
2491| [134733] Microsoft Windows up to Server 2019 Unified Write Filter privilege escalation
2492| [134731] Microsoft Windows up to Server 2019 Symlink privilege escalation
2493| [134729] Microsoft Windows up to Server 2019 Storage Service privilege escalation
2494| [134725] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2495| [134724] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2496| [134723] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2497| [134722] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2498| [134721] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2499| [134720] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2500| [134719] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2501| [134718] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2502| [134717] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2503| [134716] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2504| [134715] Microsoft Windows up to Server 2019 Win32k memory corruption
2505| [134714] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2506| [134713] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2507| [134712] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2508| [134710] Microsoft Windows up to Server 2019 GDI information disclosure
2509| [134709] Microsoft Windows up to Server 2019 Kernel privilege escalation
2510| [134706] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
2511| [134701] Microsoft Windows up to Server 2019 Windows Defender Application Control privilege escalation
2512| [134700] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
2513| [134699] Microsoft Windows up to Server 2019 NDIS ndis.sys memory corruption
2514| [134698] Microsoft Windows up to Server 2019 OLE memory corruption
2515| [134684] Microsoft Windows up to Server 2019 DHCP Server memory corruption
2516| [134678] Microsoft Windows up to Server 2019 GDI+ memory corruption
2517| [133236] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2518| [133234] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2519| [133232] Microsoft Azure DevOps Server 2019 cross site scripting
2520| [133229] Microsoft Azure DevOps Server 2019 cross site scripting
2521| [133224] Microsoft Exchange Server 2013 CU22/2016 CU11/2016 CU12/2019/2019 CU1 Outlook Web Access privilege escalation
2522| [133223] Microsoft Azure DevOps Server 2019 Content Security Policy privilege escalation
2523| [133222] Microsoft Windows up to Server 2019 Remote Registry Service memory corruption
2524| [133221] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2525| [133220] Microsoft Windows up to Server 2019 GDI Memory information disclosure
2526| [133219] Microsoft Windows up to Server 2019 Win32k Memory information disclosure
2527| [133218] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2528| [133217] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2529| [133216] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
2530| [133215] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
2531| [133214] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
2532| [133213] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
2533| [133212] Microsoft Windows up to Server 2019 Terminal Services Memory information disclosure
2534| [133211] Microsoft Windows up to Server 2019 Task Scheduler information disclosure
2535| [133209] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
2536| [133206] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
2537| [133205] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
2538| [133204] Microsoft Office/Excel up to 2019 memory corruption
2539| [133203] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
2540| [133202] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
2541| [133201] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
2542| [133200] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
2543| [133199] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
2544| [133198] Microsoft Exchange Server up to 2019 CU1 Outlook Web Access cross site scripting
2545| [133197] Microsoft ASP.NET Core 2.2 Request denial of service
2546| [133196] Microsoft Windows up to Server 2019 Win32k information disclosure
2547| [133195] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
2548| [133194] Microsoft Windows up to Server 2019 GDI Memory information disclosure
2549| [133193] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
2550| [133192] Microsoft Windows up to Server 2019 OLE Automation privilege escalation
2551| [133189] Microsoft Windows up to Server 2019 CSRSS memory corruption
2552| [133188] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
2553| [133187] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
2554| [133186] Microsoft Windows up to Server 2019 TCP/IP Stack Fragmented IP Packet information disclosure
2555| [133185] Microsoft Windows up to Server 2019 Win32k memory corruption
2556| [133183] Microsoft Windows up to Server 2019 Win32k memory corruption
2557| [133182] Microsoft Windows up to Server 2019 Win32k memory corruption
2558| [133181] Microsoft Office/Excel/PowerPoint up to 2019 URL Document Code Execution
2559| [133180] Microsoft Windows up to Server 2019 MS XML Code Execution
2560| [133179] Microsoft Windows up to Server 2019 MS XML Code Execution
2561| [133177] Microsoft Windows up to Server 2019 Device Guard luafv.sys privilege escalation
2562| [133174] Microsoft Windows up to Server 2019 GDI+ privilege escalation
2563| [133173] Microsoft Windows up to Server 2019 IOleCvt Interface privilege escalation
2564| [133166] Microsoft Windows up to Server 2019 MS XML Code Execution
2565| [133165] Microsoft Windows up to Server 2019 MS XML Code Execution
2566| [133164] Microsoft Windows up to Server 2019 MS XML Code Execution
2567| [133163] Microsoft Windows up to Server 2019 MS XML Code Execution
2568| [133162] Microsoft Windows up to Server 2019 MS XML Code Execution
2569| [131687] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 3.2/2018 Updated 1.2 cross site scripting
2570| [131685] Microsoft Windows up to Server 2019 SMB information disclosure
2571| [131684] Microsoft Visual Studio 2017 Version 15.9 C++ Redistributable Installer privilege escalation
2572| [131681] Microsoft Windows up to Server 2019 Win32k memory corruption
2573| [131679] Microsoft Windows up to Server 2019 Kernel information disclosure
2574| [131675] Microsoft SharePoint 2013 SP1/2016 cross site scripting
2575| [131674] Microsoft Windows up to Server 2019 Win32k information disclosure
2576| [131673] Microsoft Windows up to Server 2019 Kernel information disclosure
2577| [131672] Microsoft Windows up to Server 2019 GDI information disclosure
2578| [131671] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
2579| [131668] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
2580| [131667] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
2581| [131663] Microsoft Windows up to Server 2019 Print Spooler information disclosure
2582| [131658] Microsoft Windows up to Server 2019 information disclosure
2583| [131657] Microsoft Windows up to Server 2019 denial of service
2584| [131656] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
2585| [131653] Microsoft Windows up to Server 2019 SMB information disclosure
2586| [131652] Microsoft Windows up to Server 2019 SMB information disclosure
2587| [131651] Microsoft Windows up to Server 2019 Kernel information disclosure
2588| [131650] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V denial of service
2589| [131649] Microsoft Windows up to Server 2019 Kernel memory corruption
2590| [131648] Microsoft Windows up to Server 2019 Hyper-V denial of service
2591| [131644] Microsoft Windows up to Server 2019 Hyper-V denial of service
2592| [131638] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2593| [131632] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
2594| [131631] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
2595| [131630] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
2596| [131629] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
2597| [131628] Microsoft Windows up to Server 2019 ActiveX memory corruption
2598| [131619] Microsoft Windows up to Server 2019 MS XML privilege escalation
2599| [131334] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
2600| [131333] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
2601| [131328] Microsoft Windows up to Server 2016 Kernel information disclosure
2602| [130832] Microsoft 2013 SP1 spoofing
2603| [130828] Microsoft Exchange Server 2010 SP3/2013 CU22/2016 CU12/2019 CU1 EWS privilege escalation
2604| [130826] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
2605| [130825] Microsoft Office up to 2019 Connectivity Engine memory corruption
2606| [130824] Microsoft Office up to 2019 Connectivity Engine memory corruption
2607| [130823] Microsoft Office up to 2019 Connectivity Engine privilege escalation
2608| [130822] Microsoft Office up to 2019 Connectivity Engine privilege escalation
2609| [130821] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
2610| [130820] Microsoft Windows up to Server 2012 R2 GDI information disclosure
2611| [130818] Microsoft Windows up to Server 2019 GDI information disclosure
2612| [130817] Microsoft Windows up to Server 2019 Storage Service privilege escalation
2613| [130814] Microsoft Windows up to Server 2019 privilege escalation
2614| [130809] Microsoft Windows up to Server 2019 Defender Firewall Security privilege escalation
2615| [130808] Microsoft Windows up to Server 2019 information disclosure
2616| [130807] Microsoft Windows up to Server 2019 Hyper-V information disclosure
2617| [130806] Microsoft Windows up to Server 2019 SMB privilege escalation
2618| [130805] Microsoft Windows up to Server 2019 Device Guard privilege escalation
2619| [130804] Microsoft Windows up to Server 2019 Device Guard privilege escalation
2620| [130803] Microsoft Windows up to Server 2019 SMB privilege escalation
2621| [130802] Microsoft Windows up to Server 2019 Win32k information disclosure
2622| [130801] Microsoft Windows up to Server 2019 Device Guard privilege escalation
2623| [130800] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2624| [130799] Microsoft Windows up to Server 2016 Win32k memory corruption
2625| [130798] Microsoft Windows up to Server 2019 GDI information disclosure
2626| [130797] Microsoft Windows up to Server 2019 GDI information disclosure
2627| [130796] Microsoft Windows up to Server 2019 GDI information disclosure
2628| [130793] Microsoft Windows up to Server 2019 GDI information disclosure
2629| [130792] Microsoft Windows up to Server 2019 HID information disclosure
2630| [130791] Microsoft Windows up to Server 2019 HID information disclosure
2631| [130790] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2632| [130789] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2633| [130788] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2634| [130787] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2635| [130786] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2636| [130784] Microsoft Windows up to Server 2019 GDI+ memory corruption
2637| [130782] Microsoft Windows up to Server 2019 DHCP Server memory corruption
2638| [130781] Microsoft Windows up to Server 2019 GDI+ memory corruption
2639| [129847] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 1.2/2018 Update 3.2 information disclosure
2640| [129846] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
2641| [129845] Microsoft Skype for Business 2015 CU 8 Request cross site scripting
2642| [128765] Microsoft Visual Studio 2017 Version 15.9 C++ Construct privilege escalation
2643| [128764] Microsoft Exchange Server 2010 SP3/2013 CU21/2016 CU10/2016 CU11/2019 PowerShell API information disclosure
2644| [128761] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
2645| [128760] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
2646| [128759] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
2647| [128758] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
2648| [128757] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
2649| [128756] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
2650| [128755] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
2651| [128754] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
2652| [128753] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
2653| [128752] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
2654| [128751] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
2655| [128750] Microsoft Windows up to Server 2019 Runtime privilege escalation
2656| [128749] Microsoft Windows up to Server 2019 Kernel information disclosure
2657| [128747] Microsoft ASP.NET Core 2.1 Web Request denial of service
2658| [128746] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
2659| [128745] Microsoft Office up to 2019 Word Macro information disclosure
2660| [128742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
2661| [128741] Microsoft SharePoint Enterprise Server 2016 cross site scripting
2662| [128740] Microsoft SharePoint Enterprise Server 2013 SP1 cross site scripting
2663| [128739] Microsoft Windows up to Server 2019 Kernel information disclosure
2664| [128738] Microsoft Windows up to Server 2019 Subsystem for Linux information disclosure
2665| [128737] Microsoft Windows up to Server 2019 COM Desktop Broker privilege escalation
2666| [128736] Microsoft Windows up to Server 2019 Kernel information disclosure
2667| [128735] Microsoft ASP.NET Core 2.1/2.2 Web Request denial of service
2668| [128733] Microsoft Windows up to Server 2019 Authentication Request privilege escalation
2669| [128729] Microsoft Visual Studio 2010 SP1/2012 Update 5 vscontent File information disclosure
2670| [128728] Microsoft Windows up to Server 2019 Kernel information disclosure
2671| [128727] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
2672| [128726] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
2673| [128725] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
2674| [128718] Microsoft Windows up to Server 2019 Hyper-V memory corruption
2675| [128717] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V memory corruption
2676| [127925] Microsoft SharePoint Enterprise Server 2016 Web Request cross site scripting
2677| [127882] Microsoft Dynamics NAV 2016/2017 Web Request cross site scripting
2678| [127881] Microsoft Windows 10 1809/Server 2019 Object denial of service
2679| [127880] Microsoft Windows up to Server 2019 Win32k Object memory corruption
2680| [127828] Microsoft Windows up to Server 2019 Win32k memory corruption
2681| [127827] Microsoft Windows 10 1809/Server 2019 DirectX information disclosure
2682| [127826] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Win32k ASLR privilege escalation
2683| [127825] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 privilege escalation
2684| [127824] Microsoft Excel up to 2019 Out-of-Bounds memory corruption
2685| [127823] Microsoft Windows up to Server 2012 R2 Kernel information disclosure
2686| [127821] Microsoft Windows up to Server 2019 Connected User Experiences and Telemetry Service denial of service
2687| [127820] Microsoft Windows up to Server 2019 Kernel memory corruption
2688| [127819] Microsoft Exchange Server 2016 CU10/2016 CU11 Profile Data privilege escalation
2689| [127817] Microsoft Excel up to 2019 information disclosure
2690| [127816] Microsoft Windows up to Server 2019 GDI information disclosure
2691| [127815] Microsoft Windows up to Server 2019 GDI information disclosure
2692| [127814] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 Search cross site request forgery
2693| [127812] Microsoft Windows up to Server 2019 Remote Procedure Call information disclosure
2694| [127806] Microsoft Outlook up to 2019 memory corruption
2695| [127805] Microsoft Excel up to 2019 memory corruption
2696| [127804] Microsoft Excel up to 2019 memory corruption
2697| [127803] Microsoft Windows up to Server 2019 Text-To-Speech memory corruption
2698| [127801] Microsoft Windows up to Server 2019 DNS Server privilege escalation
2699| [126938] Microsoft Team Foundation Server 2018 Update 1.1/2018 Update 3 Code Execution
2700| [126755] Microsoft .NET Core 2.1 privilege escalation
2701| [126754] Microsoft Skype for Business/Lync Server 2013 SP1/2016 Emoji denial of service
2702| [126750] Microsoft Windows up to Server 2019 ALPC privilege escalation
2703| [126749] Microsoft Exchange Server 2010/2013/2016/2019 privilege escalation
2704| [126747] Microsoft SharePoint Enterprise Server 2013 SP1 Folder information disclosure
2705| [126746] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
2706| [126745] Microsoft Project 2010 SP2/2013 SP1/2016 memory corruption
2707| [126744] Microsoft Office up to 2019 Word memory corruption
2708| [126743] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
2709| [126742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
2710| [126739] Microsoft Windows up to Server 2012 R2 Win32k information disclosure
2711| [126737] Microsoft Windows up to Server 2012 R2 DirectX information disclosure
2712| [126736] Microsoft Windows up to Server 2019 Win32k memory corruption
2713| [126735] Microsoft Windows up to Server 2019 DirectX privilege escalation
2714| [126733] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DirectX memory corruption
2715| [126730] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
2716| [126728] Microsoft Office/SharePoint 2010 SP2 Word memory corruption
2717| [126727] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
2718| [126726] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
2719| [126725] Microsoft Windows up to Server 2019 DirectX memory corruption
2720| [126722] Microsoft Windows up to Server 2019 PowerShell privilege escalation
2721| [126718] Microsoft Windows up to Server 2016 Search memory corruption
2722| [126717] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 memory corruption
2723| [126716] Microsoft Office up to 2019 Excel memory corruption
2724| [126714] Microsoft Windows up to Server 2019 PowerShell unknown vulnerability
2725| [126713] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
2726| [126712] Microsoft Windows up to Server 2016 Graphics Component memory corruption
2727| [126711] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
2728| [125123] Microsoft Windows up to Server 2019 Codecs Library information disclosure
2729| [125122] Microsoft Windows up to Server 2016 TCP/IP information disclosure
2730| [125121] Microsoft Windows up to Server 2019 DirectX memory corruption
2731| [125120] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
2732| [125119] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
2733| [125116] Microsoft Exchange Server 2013 CU21/2016 CU10 privilege escalation
2734| [125115] Microsoft Windows up to Server 2019 Theme API privilege escalation
2735| [125114] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
2736| [125113] Microsoft Windows up to Server 2019 Kernel memory corruption
2737| [125111] Microsoft Windows up to Server 2019 Device Guard Code Integrity Policy privilege escalation
2738| [125110] Microsoft Windows up to Server 2019 DNS Global Blocklist privilege escalation
2739| [125109] Microsoft Windows up to Server 2019 NTFS privilege escalation
2740| [125108] Microsoft Windows up to Server 2019 Filter Manager memory corruption
2741| [125107] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
2742| [125106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
2743| [125105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
2744| [125104] Microsoft SharePoint Enterprise Server 2016 cross site scripting
2745| [125102] Microsoft Office/Word 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
2746| [125100] Microsoft Office/PowerPoint 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
2747| [125099] Microsoft Office/Excel up to 2019 Protected View memory corruption
2748| [125098] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
2749| [125097] Microsoft Windows up to Server 2019 DirectX Graphics memory corruption
2750| [125096] Microsoft Windows up to Server 2019 Win32k memory corruption
2751| [125095] Microsoft Exchange Server 2013 CU21/2016 CU10 Outlook Web Access cross site scripting
2752| [125093] Microsoft Windows up to Server 2019 Hyper-V memory corruption
2753| [125092] Microsoft Windows up to Server 2019 Hyper-V memory corruption
2754| [125091] Microsoft Windows up to Server 2019 MS XML privilege escalation
2755| [124371] Microsoft Exchange Server up to 2010 SP3 Outlook Web Access /owa/auth/logon.aspx Parameter Server-Side Request Forgery
2756| [124217] Microsoft Windows Server 2012/Server 2016 Active Directory Federation Services /adfs/ls Server-Side Request Forgery
2757| [123995] Microsoft Lync 2011 on Mac Security Feature Messages Download privilege escalation
2758| [123881] Microsoft Windows up to Server 2016 Sandbox privilege escalation
2759| [123874] Microsoft Windows up to Server 2016 Kernel information disclosure
2760| [123872] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 SMB information disclosure
2761| [123868] Microsoft Windows up to Server 2016 Hyper-V denial of service
2762| [123864] Microsoft Windows up to Server 2016 Hyper-V information disclosure
2763| [123862] Microsoft SharePoint Enterprise Server 2010 SP2/2013 RT SP1/2013 SP1/2016 cross site scripting
2764| [123861] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
2765| [123860] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
2766| [123859] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
2767| [123851] Microsoft Windows up to Server 2016 ALPC privilege escalation
2768| [123849] Microsoft Windows up to Server 2016 SMB denial of service
2769| [123846] Microsoft Office 2016 on Win/Mac memory corruption
2770| [123844] Microsoft Word 2013 RT SP1/2013 SP1/2016 PDF File memory corruption
2771| [123843] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
2772| [123842] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
2773| [123830] Microsoft Windows up to Server 2016 Hyper-V memory corruption
2774| [123828] Microsoft Windows up to Server 2016 Win32k Graphics privilege escalation
2775| [123827] Microsoft Windows up to Server 2016 Image memory corruption
2776| [123825] Microsoft Windows up to Server 2016 MSXML Parser privilege escalation
2777| [123823] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
2778| [122887] Microsoft Office 2016 on Mac AutoUpdate memory corruption
2779| [122886] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
2780| [122885] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
2781| [122884] Microsoft Windows up to Server 2016 Win32k memory corruption
2782| [122883] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
2783| [122875] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
2784| [122874] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
2785| [122873] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
2786| [122871] Microsoft PowerPoint 2010 SP2 memory corruption
2787| [122870] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
2788| [122861] Microsoft Windows up to Server 2016 Microsoft COM for Windows privilege escalation
2789| [122850] Microsoft Visual Studio 2015 Update 3/2017/2017 Version 15.8 Diagnostic Hub privilege escalation
2790| [122849] Microsoft Windows up to Server 2016 Diagnostic Hub privilege escalation
2791| [122848] Microsoft Windows Security Feature 2FA weak authentication
2792| [122834] Microsoft Windows up to Server 2016 LNK memory corruption
2793| [122825] Microsoft Windows up to Server 2016 Graphics memory corruption
2794| [122823] Microsoft SQL Server 2016 SP1/2016 SP2/2017 memory corruption
2795| [121208] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R Attachment privilege escalation
2796| [121118] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
2797| [121116] Microsoft Windows up to Server 2016 Sandbox privilege escalation
2798| [121114] Microsoft Access 2013 SP1/2016/2016 C2R memory corruption
2799| [121111] Microsoft Windows up to Server 2016 Kernel memory corruption
2800| [121110] Microsoft Windows up to Server 2016 Wordpad privilege escalation
2801| [121107] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll denial of service
2802| [121106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
2803| [121105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
2804| [121098] Microsoft Office 2016/2016 C2R memory corruption
2805| [121092] Microsoft Windows up to Server 2016 FTP Server denial of service
2806| [121090] Microsoft Visual Studio up to 2017 Version 15.8 Preview privilege escalation
2807| [119479] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
2808| [119477] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
2809| [119476] Microsoft Publisher 2010 SP2 OLE Object PUB File privilege escalation
2810| [119475] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Attachment privilege escalation
2811| [119474] Microsoft Windows up to Server 2016 GDI information disclosure
2812| [119470] Microsoft Windows up to Server 2016 HTTP HTTP.sys denial of service
2813| [119468] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
2814| [119467] Microsoft Windows up to Server 2016 Hypervisor privilege escalation
2815| [119465] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
2816| [119464] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
2817| [119463] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
2818| [119461] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
2819| [119460] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
2820| [119459] Microsoft Windows up to Server 2016 memory corruption
2821| [119457] Microsoft Windows up to Server 2016 Desktop Bridge privilege escalation
2822| [119456] Microsoft Windows up to Server 2016 Kernel information disclosure
2823| [119455] Microsoft Windows up to Server 2016 denial of service
2824| [119454] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
2825| [119452] Microsoft Windows up to Server 2016 HIDParser memory corruption
2826| [119448] Microsoft Windows up to Server 2016 Code Integrity Module denial of service
2827| [119447] Microsoft Windows up to Server 2016 NTFS privilege escalation
2828| [119441] Microsoft Windows up to Server 2016 Media Foundation memory corruption
2829| [119437] Microsoft Windows up to Server 2016 HTTP Protocol Stack Http.sys memory corruption
2830| [119436] Microsoft Windows up to Server 2016 memory corruption
2831| [119431] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
2832| [118120] Microsoft Office 2016 on Mac XML Data Code Execution
2833| [117561] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1 Web Request cross site scripting
2834| [117560] Microsoft Exchange Server up to 2016 CU9 Code Execution memory corruption
2835| [117559] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access Web Request cross site scripting
2836| [117558] Microsoft Windows up to Server 2016 Code Execution memory corruption
2837| [117507] Microsoft Infopath 2013 SP1 memory corruption
2838| [117505] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
2839| [117504] Microsoft Office 2010 SP2 information disclosure
2840| [117503] Microsoft Exchange Server 2013 CU19/2013 CU20/2016 CU8/2016 CU9 Outlook Web Access cross site scripting
2841| [117502] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
2842| [117501] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
2843| [117500] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access cross site scripting
2844| [117499] Microsoft Exchange Server up to 2016 CU9 information disclosure
2845| [117498] Microsoft Office 2016 C2R Security Feature privilege escalation
2846| [117497] Microsoft SharePoint Enterprise Server 2010/2013 SP1/2016 cross site scripting
2847| [117480] Microsoft Windows up to Server 2016 COM Serialized privilege escalation
2848| [117473] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
2849| [117472] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
2850| [117471] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
2851| [117470] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
2852| [117469] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
2853| [117468] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
2854| [117444] Microsoft Windows up to Server 2016 Hyper-V vSMB memory corruption
2855| [117443] Microsoft Windows up to Server 2016 Hyper-V memory corruption
2856| [117442] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
2857| [116132] Microsoft Office 2016 Memory information disclosure
2858| [116051] Microsoft SharePoint Enterprise Server 2016 cross site scripting
2859| [116050] Microsoft SharePoint Enterprise Server 2010 SP2/2013/2016 cross site scripting
2860| [116049] Microsoft SharePoint Enterprise Server 2013/2016 privilege escalation
2861| [116048] Microsoft Windows up to Server 2016 DirectX Graphics Kernel Subsystem memory corruption
2862| [116047] Microsoft Windows up to Server 2016 OpenType Font Driver atmfd.dll memory corruption
2863| [116046] Microsoft SharePoint Enterprise Server 2013/2016 Share cross site scripting
2864| [116045] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
2865| [116039] Microsoft Windows up to Server 2016 Remote Desktop Protocol denial of service
2866| [116031] Microsoft Windows up to Server 2016 Kernel ASLR information disclosure
2867| [116030] Microsoft Windows up to Server 2016 SNMP Service denial of service
2868| [116026] Microsoft Windows up to Server 2016 Kernel information disclosure
2869| [116024] Microsoft Windows up to Server 2016 HTTP.sys denial of service
2870| [116023] Microsoft Office up to 2016 C2R information disclosure
2871| [116022] Microsoft Excel 2010 SP2 memory corruption
2872| [116020] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Active Directory privilege escalation
2873| [116019] Microsoft Windows up to Server 2016 Kernel information disclosure
2874| [116018] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
2875| [116017] Microsoft Excel up to 2016 C2R memory corruption
2876| [116016] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Graphics memory corruption
2877| [116014] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
2878| [116013] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1 memory corruption
2879| [116008] Microsoft Windows up to Server 2016 Graphics memory corruption
2880| [116007] Microsoft Windows up to Server 2016 Graphics memory corruption
2881| [116006] Microsoft Windows up to Server 2016 Graphics memory corruption
2882| [116005] Microsoft Windows up to Server 2016 Graphics memory corruption
2883| [116004] Microsoft Windows up to Server 2016 Graphics memory corruption
2884| [116003] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
2885| [115994] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
2886| [115804] Microsoft Windows up to Server 2016 Malware Protection Engine privilege escalation
2887| [114579] Microsoft Exchange Server up to 2017 CU8 Outlook Web Access information disclosure
2888| [114574] Microsoft SharePoint Enterprise Server 2016 privilege escalation
2889| [114573] Microsoft SharePoint Enterprise Server 2016 cross site scripting
2890| [114571] Microsoft Exchange Server 2016 CU7/2016 CU8 Outlook Web Access information disclosure
2891| [114570] Microsoft Exchange Server 2010 SP3/2013 CU18/2013 CU19/2016 CU7/2016 CU8 Outlook Web Access Fake privilege escalation
2892| [114565] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Kernel information disclosure
2893| [114564] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
2894| [114562] Microsoft SharePoint Enterprise Server 2016 cross site scripting
2895| [114560] Microsoft SharePoint Enterprise Server 2016 cross site scripting
2896| [114559] Microsoft SharePoint Enterprise Server 2016 cross site scripting
2897| [114558] Microsoft SharePoint Enterprise Server 2016 cross site scripting
2898| [114557] Microsoft SharePoint Enterprise Server 2016 cross site scripting
2899| [114556] Microsoft SharePoint Enterprise Server 2016 cross site scripting
2900| [114555] Microsoft SharePoint Enterprise Server 2016 cross site scripting
2901| [114554] Microsoft SharePoint Enterprise Server 2016 cross site scripting
2902| [114553] Microsoft SharePoint Enterprise Server 2016 cross site scripting
2903| [114552] Microsoft SharePoint Enterprise Server 2016 cross site scripting
2904| [114551] Microsoft Excel up to 2016 C2R Security Feature privilege escalation
2905| [114549] Microsoft Access 2010 SP2/2013 SP1/2016 memory corruption
2906| [114548] Microsoft Windows up to Server 2016 CNG Security Feature cng.sys privilege escalation
2907| [114547] Microsoft Windows up to Server 2016 Kernel information disclosure
2908| [114546] Microsoft Windows up to Server 2016 Kernel information disclosure
2909| [114545] Microsoft Windows up to Server 2016 Kernel information disclosure
2910| [114544] Microsoft Windows up to Server 2016 Kernel information disclosure
2911| [114543] Microsoft Windows up to Server 2016 Kernel information disclosure
2912| [114542] Microsoft Windows up to Server 2016 Kernel information disclosure
2913| [114541] Microsoft Windows up to Server 2016 Kernel information disclosure
2914| [114540] Microsoft Windows up to Server 2016 Kernel information disclosure
2915| [114536] Microsoft Windows up to Server 2016 CredSSP privilege escalation
2916| [114535] Microsoft Windows up to Server 2016 Hyper-V denial of service
2917| [114531] Microsoft Windows up to Server 2016 Windows Installer privilege escalation
2918| [114530] Microsoft Windows up to Server 2016 GDI privilege escalation
2919| [114529] Microsoft Windows up to Server 2016 GDI privilege escalation
2920| [114527] Microsoft Windows up to Server 2016 Kernel information disclosure
2921| [114526] Microsoft Windows up to Server 2016 Kernel information disclosure
2922| [114525] Microsoft Windows up to Server 2016 Kernel information disclosure
2923| [114522] Microsoft Windows 10 1607/10 1703/Server 2016 Desktop Bridge privilege escalation
2924| [114521] Microsoft Windows up to Server 2016 Video Control privilege escalation
2925| [114520] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge privilege escalation
2926| [114518] Microsoft Windows up to Server 2016 Remote Assistance information disclosure
2927| [114517] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge VFS privilege escalation
2928| [114516] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
2929| [113835] Microsoft Identity Manager 2016 SP1 cross site scripting
2930| [113264] Microsoft Windows 8.1/RT 8.1/Server 2012 R2 SMBv2/SMBv3 denial of service
2931| [113260] Microsoft Windows up to Server 2016 Kernel memory corruption
2932| [113259] Microsoft Windows 10/Server 1709/Server 2016 NTFS privilege escalation
2933| [113254] Microsoft Windows up to Server 2016 Kernel information disclosure
2934| [113253] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
2935| [113252] Microsoft Windows up to Server 2016 Kernel memory corruption
2936| [113250] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
2937| [113249] Microsoft Windows up to Server 2016 Kernel memory corruption
2938| [113248] Microsoft Windows up to Server 2016 Kernel information disclosure
2939| [113243] Microsoft Windows 10/Server 2016 MultiPoint Management privilege escalation
2940| [113242] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
2941| [113241] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
2942| [113240] Microsoft Windows 10/Server 1709/Server 2016 AppContainer privilege escalation
2943| [113237] Microsoft SharePoint Enterprise Server 2016 cross site scripting
2944| [113236] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
2945| [113233] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Uninitialized Memory information disclosure
2946| [113232] Microsoft Excel 2016 memory corruption
2947| [113230] Microsoft Windows up to Server 2016 Scripting Engine information disclosure
2948| [113229] Microsoft Windows up to Server 2016 StructuredQuery memory corruption
2949| [111580] Microsoft Office 2016 on Mac Email Attachment spoofing
2950| [111571] Microsoft SharePoint Enterprise Server 2013/2016 Access cross site scripting
2951| [111567] Microsoft Office 2010/2013/2016 memory corruption
2952| [111564] Microsoft Word 2016 memory corruption
2953| [111562] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
2954| [111561] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
2955| [128730] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2956| [111358] Microsoft Windows up to Server 2016 IPsec denial of service
| [110553] Microsoft Office 2016 C2R information disclosure
| [110552] Microsoft SharePoint Enterprise Server 2016 Web Request privilege escalation
| [110551] Microsoft Excel 2016 C2R memory corruption
| [110550] Microsoft PowerPoint 2013 RT SP1/2013 SP1/2016 information disclosure
| [110549] Microsoft Exchange Server 2016 CU6/2016 CU7 Outlook Web Access privilege escalation
| [110547] Microsoft Windows up to Server 2016 its:// Protocol information disclosure
| [110531] Microsoft Windows 10/Server 2016 Device Guard privilege escalation
| [110522] Microsoft Windows up to Server 2016 RRAS privilege escalation
| [110350] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [110318] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [109391] Microsoft SharePoint Enterprise Server 2016 Project Server cross site request forgery
| [109389] Microsoft Excel 2016 Click-to-Run memory corruption
| [109360] Microsoft Windows up to Server 2016 Windows Search denial of service
| [107759] Microsoft Windows up to Server 2016 SMB denial of service
| [107757] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [107756] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [107753] Microsoft Windows 10/Server 2016 SMB privilege escalation
| [107744] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
| [107741] Microsoft Outlook 2016 Secure Connection Mail information disclosure
| [107740] Microsoft Windows up to Server 2016 Graphics memory corruption
| [107739] Microsoft Windows up to Server 2016 Graphics memory corruption
| [107738] Microsoft Windows up to Server 2016 Search information disclosure
| [107734] Microsoft Windows 10/Server 2016 SMB privilege escalation
| [107732] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Bypass privilege escalation
| [107730] Microsoft Windows up to Server 2016 Search Remote memory corruption
| [107729] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107728] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107727] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107724] Microsoft Windows up to Server 2016 Text Services Framework memory corruption
| [107723] Microsoft Windows up to Server 2016 SMB information disclosure
| [107698] Microsoft Office 2016 memory corruption
| [107593] InFocus Mondopad 2.2.08 Excel Spreadsheet Microsoft Office Document Credentials information disclosure
| [106544] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
| [106531] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [106529] Microsoft PowerPoint 2016 memory corruption
| [106523] Microsoft Windows up to Server 2016 PDF Library memory corruption
| [106518] Microsoft Edge on Win10/Server 2016 memory corruption
| [106516] Microsoft Windows up to Server 2016 PDF Library memory corruption
| [106498] Microsoft Windows up to Server 2016 Shell privilege escalation
| [106496] Microsoft Windows up to Server 2016 Uniscribe information disclosure
| [106495] Microsoft Windows up to Server 2012 R2 Uniscribe memory corruption
| [106492] Microsoft Windows Server 2012/Server 2012 R2/Server 2016 DHCP Service memory corruption
| [106489] Microsoft Windows up to Server 2016 Graphics Win32k win32k!fsc_CalcGrayRow memory corruption
| [106474] Microsoft Office 2016 memory corruption
| [106473] Microsoft SharePoint Server 2013 SP1 cross site scripting
| [106472] Microsoft Windows up to Server 2016 Bluetooth Driver Object BlueBorne spoofing
| [106470] Microsoft Excel 2011 on Mac memory corruption
| [106455] Microsoft Exchange Server 2013/2016 information disclosure
| [106454] Microsoft Windows up to Server 2016 Windows NetBT Session Services race condition memory corruption
| [105048] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
| [105047] Microsoft Edge on Win10/Server 2016 Scripting Engine EntryCall memory corruption
| [105046] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105040] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
| [105038] Microsoft Edge on Win10/Server 2016 Javascript Engine Out-of-Bounds memory corruption
| [105037] Microsoft Edge on Win10/Server 2016 Javascript Engine PreVisitCatch memory corruption
| [105035] Microsoft SharePoint Server 2010 SP2 cross site scripting
| [105033] Microsoft Edge 38.14393.1066.0 on Win10/Server 2016 Use-After-Free information disclosure
| [105029] Microsoft Edge on Win10/Server 2016 Javascript Engine ProcessLinkFailedAsmJsModule memory corruption
| [105027] Microsoft Edge on Win10/Server 2016 _SelectValueInternal information disclosure
| [105024] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105023] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105017] Microsoft Windows up to Server 2016 Error Reporting information disclosure
| [105013] Microsoft Windows 10 1607/10 1703/Server 2016 Hyper-V denial of service
| [105011] Microsoft Windows up to Server 2016 Windows Search memory corruption
| [105010] Microsoft Windows up to Server 2016 Win32k memory corruption
| [105009] Microsoft Windows up to Server 2016 Input Method Editor memory corruption
| [105008] Microsoft SQL Server 2012/2014/2016 Analysis Services information disclosure
| [104990] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [104989] Microsoft Windows up to Server 2016 NetBIOS denial of service
| [104584] Microsoft Outlook up to 2016 C2R Document File privilege escalation
| [104583] Microsoft Outlook up to 2016 C2R Email memory corruption
| [104582] Microsoft Outlook up to 2016 C2R Object memory corruption
| [103468] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 Open Redirect
| [103446] Microsoft Windows up to Server 2016 Search Object privilege escalation
| [103445] Microsoft Windows up to Server 2016 Wordpad privilege escalation
| [103444] Microsoft Windows up to Server 2016 Explorer denial of service
| [103442] Microsoft Windows 10/Server 2016 HoloLens WiFi Packet privilege escalation
| [103441] Microsoft Windows up to Server 2016 Object HTTP.sys information disclosure
| [103431] Microsoft Windows up to Server 2016 PowerShell PSObject Object privilege escalation
| [103429] Microsoft Windows up to Server 2016 Kerberos weak authentication
| [103426] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
| [103425] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
| [103420] Microsoft Windows up to Server 2016 Kerberos Bypass privilege escalation
| [103417] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
| [102544] Microsoft Edge on Win10/Server 2016 Fetch API information disclosure
| [102543] Microsoft Edge on Win10/Server 2016 Javascript XML DOM Object information disclosure
| [102463] Microsoft Project Server 2013 SP1 cross site scripting
| [102460] Microsoft Outlook 2016 on Mac HTML spoofing
| [102448] Microsoft SharePoint Enterprise Server 2016 Reflected cross site scripting
| [102446] Microsoft Office up to 2016 privilege escalation
| [102445] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 privilege escalation
| [102443] Microsoft Office up to 2016 privilege escalation
| [102412] Microsoft Windows up to Server 2016 PDF information disclosure
| [102397] Microsoft Outlook 2010 SP1/2013 SP1/2016 DLL Loader privilege escalation
| [102396] Microsoft Office 2013 SP1/2016 DLL Loader privilege escalation
| [102386] Microsoft Windows up to Server 2012 R2 Uniscribe privilege escalation
| [102385] Microsoft Windows up to Server 2016 Font Library privilege escalation
| [102376] Microsoft Windows up to Server 2016 CAB File privilege escalation
| [102375] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
| [102374] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
| [102373] Microsoft Windows up to Server 2016 Uniscribe Font USP10!MergeLigRecords memory corruption
| [101817] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101816] Microsoft Windows up to Server 2016 Malware Protection Engine setCaller memory corruption
| [101815] Microsoft Windows up to Server 2016 Malware Protection Engine Use-After-Free memory corruption
| [101814] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101813] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [101812] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101811] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101810] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101028] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
| [101020] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [101019] Microsoft Skype for Business 2016 memory corruption
| [101018] Microsoft SharePoint 2010 SP2/2013 SP1/2016 memory corruption
| [101016] Microsoft PowerPoint 2011 on Mac memory corruption
| [101015] Microsoft PowerPoint 2011 on Mac memory corruption
| [101014] Microsoft Office 2010 SP2/2016 memory corruption
| [101013] Microsoft Office 2010 SP2/2016 memory corruption
| [101002] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [101001] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [101000] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [100999] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [100918] Microsoft Windows 8/8.1/10/Server 2012/Server 2016 Malware Protection Service Type Confusion privilege escalation
| [99697] Microsoft SharePoint Server 2010 SP1/2010 SP2 Excel Services cross site scripting
| [99683] Microsoft Windows 10 1607/10 1703/Server 2012 R2/Server 2016 Active Directory Lockout privilege escalation
| [99682] Microsoft Outlook 2011 on Mac HTML Tag Validator spoofing
| [99681] Microsoft Windows up to Server 2016 OLE Integrity-Level Check privilege escalation
| [99667] Microsoft Windows 10/Server 2016 Active Directory Service Unresponsive denial of service
| [98272] Microsoft Windows up to 10/Server 2016 Local Session privilege escalation
| [98096] Microsoft Exchange 2013 SP1 privilege escalation
| [98095] Microsoft Lync for Mac 2011 Certificate Validation weak authentication
| [98094] Microsoft SharePoint Server 2013 SP1 cross site scripting
| [98093] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
| [98091] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
| [98090] Microsoft SharePoint Server 2010 SP2/2013 SP1 information disclosure
| [98089] Microsoft Office Web Apps 2013 SP1 memory corruption
| [98082] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 denial of service
| [98081] Microsoft Excel up to 2016 information disclosure
| [98080] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [98079] Microsoft Word 2016 memory corruption
| [98076] Microsoft Lync/Skype for Business 2010/2013/2016 Graphics Component privilege escalation
| [98075] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
| [98074] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
| [98073] Microsoft Office 2010 SP2/Word Viewer Graphics Component information disclosure
| [98069] Microsoft Windows up to Server 2012 R2 Color Management memory corruption
| [98056] Microsoft Windows up to Server 2016 DNS Query information disclosure
| [98054] Microsoft Windows up to Server 2016 SMBv2/SMBv3 NULL Pointer Dereference memory corruption
| [98017] Microsoft Windows up to Server 2016 PDF memory corruption
| [98015] Microsoft Windows 10/Server 2016 Hyper-V denial of service
| [98013] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
| [98007] Microsoft Windows 10/Server 2016 Hyper-V Network Switch denial of service
| [98006] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
| [96521] Microsoft Windows 8.1/10/Server 2012/Server 2016 SMB Response mrxsmb20.sys denial of service
| [95781] Microsoft PowerPoint 2016 Java Embedded Object privilege escalation
| [95125] Microsoft Word/SharePoint Enterprise Server 2016 Document privilege escalation
| [94451] Microsoft Office 2011 memory corruption
| [94447] Microsoft Office 2010 SP2 memory corruption
| [94446] Microsoft Office 2016 memory corruption
| [94444] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 OLE DLL Loader memory corruption
| [94443] Microsoft Office up to 2016 information disclosure
| [94442] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
| [93964] Microsoft Windows 7 Excel Starter 2010 XXE information disclosure
| [93543] Microsoft SQL Server 2016 FILESTREAM Path privilege escalation
| [93540] Microsoft Excel 2010 SP2/2011/2016 memory corruption
| [93416] Microsoft SQL Server 2014 SP2/2016/up to 2012 SP3 Server Agent atxcore.dll privilege escalation
| [93415] Microsoft SQL Server 2016 MDS API cross site scripting
| [93414] Microsoft SQL Server up to 2012 SP3 RDBMS Engine privilege escalation
| [93413] Microsoft SQL Server 2016/up to 2014 SP2 RDBMS Engine privilege escalation
| [93412] Microsoft SQL Server 2016 RDBMS Engine privilege escalation
| [93393] Microsoft Office up to 2016 memory corruption
| [93392] Microsoft Office up to 2016 memory corruption
| [93391] Microsoft Office up to 2016 memory corruption
| [93389] Microsoft Windows up to Server 2016 Media Foundation memory corruption
| [93388] Microsoft Windows up to Server 2016 Animation Manager Stylesheets memory corruption
| [92587] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 Transaction Manager privilege escalation
| [92584] Microsoft Office up to 2016 memory corruption
| [91571] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
| [91570] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
| [91556] Microsoft Exchange 2016 Meeting Invation cross site scripting
| [91555] Microsoft Exchange 2013/2016 Link spoofing
| [91550] Microsoft Office 2016 memory corruption
| [91547] Microsoft Office 2010 memory corruption
| [91543] Microsoft Office up to 2016 memory corruption
| [91541] Microsoft Office 2013/2016 APP-V ASLR privilege escalation
| [90711] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF privilege escalation
| [90710] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 Netlogon privilege escalation
| [90704] Microsoft Office 2013/2013 RT/2016 memory corruption
| [89043] Microsoft Office up to 2016 memory corruption
| [89041] Microsoft Office up to 2016 memory corruption
| [89040] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 memory corruption
| [89038] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Security Feature privilege escalation
| [89037] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [87961] Microsoft Windows up to Server 2012 R2 Search denial of service
| [87959] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
| [87958] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF memory corruption
| [87957] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
| [87956] Microsoft Exchange 2013/2016 Oracle Outside In Libraries information disclosure
| [87944] Microsoft Windows Server 2012/Server 2012 R2 Virtual PCI Memory information disclosure
| [87940] Microsoft Windows Server 2012/Server 2012 R2 DNS Server Use-After-Free memory corruption
| [87936] Microsoft Office up to 2016 memory corruption
| [87166] Microsoft Windows up to Server 2012 R2 DirectX Graphics Kernel Subsystem privilege escalation
| [87156] Microsoft Windows 8.1/10/RT 8.1/Server 2012 R2 Shell memory corruption
| [87149] Microsoft Office up to 2016 memory corruption
| [87148] Microsoft Office 2010 Graphics memory corruption
| [87146] Microsoft Office 2011/2013/2013 RT/2016 memory corruption
| [82229] Microsoft Excel 2010 SP2 Office Document memory corruption
| [82223] Microsoft Windows 8.1/10/Server 2012 R2 Hyper-V Memory information disclosure
| [82222] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Memory information disclosure
| [82221] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Hyper-V privilege escalation
| [81274] Microsoft Office up to 2016 memory corruption
| [81270] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library memory corruption
| [81269] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
| [81268] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
| [80886] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [80885] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP memory corruption
| [80878] Microsoft Windows Server 2012 R2 Active Directory Federation Service denial of service
| [80874] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP privilege escalation
| [80870] Microsoft Office up to 2016 memory corruption
| [80868] Microsoft Office up to 2016 memory corruption
| [80867] Microsoft Office up to 2016 memory corruption
| [80865] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 DLL Loader memory corruption
| [80860] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Reader memory corruption
| [80859] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
| [80231] Microsoft Excel up to 2016 Office Document memory corruption
| [80229] Microsoft Exchange Server 2013 CU 10/2013 CU 11/2013 SP1/2016 Outlook Web Access cross site scripting
| [80228] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
| [80227] Microsoft Exchange Server 2013 CU 10/2013 SP1/2016 Outlook Web Access cross site scripting
| [80226] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
| [80218] Microsoft Office up to 2016 ASLR privilege escalation
| [80217] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
| [80216] Microsoft Office up to 2016 Office Document memory corruption
| [80206] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
| [128763] Microsoft Exchange Server 2016 CU10/2016 CU11/2019 memory corruption
| [79508] Microsoft Windows up to Server 2012 R2 Library Loader memory corruption
| [79500] Microsoft Office 2010/2011/2016 memory corruption
| [79183] Microsoft Windows up to Server 2012 R2 IPsec denial of service
| [79173] Microsoft Windows up to Server 2012 R2 Graphics information disclosure
| [79117] Microsoft Outlook 2011/2016 on Mac HTML spoofing
| [78375] Microsoft SharePoint Server/SharePoint Foundation 2013 SP1 cross site scripting
| [77645] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
| [77644] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
| [77638] Microsoft Lync Server 2013 cross site scripting
| [77628] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [77612] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access Stack-Based information disclosure
| [77050] Microsoft Office up to 2016 memory corruption
| [77037] Microsoft Windows Server 2012/Server 2012 R2 System Center Operations Manager cross site scripting
| [76461] Microsoft Windows up to Server 2012 R2 Domain-Controller Communication Credentials information disclosure
| [76460] Microsoft Windows 7 SP1/8/Server 2012 RDP Server Service memory corruption
| [76448] Microsoft Windows 8.1/Server 2012 R2 Hyper-V memory corruption
| [75793] Microsoft Exchange Server 2013 CU8 cross site scripting
| [75792] Microsoft Exchange Server 2013 SP1 CU8 cross site request forgery
| [75791] Microsoft Office 2013 SP1 Office Document Uninitialized Memory memory corruption
| [75787] Microsoft Exchange Server 2013 SP1 CU8 Same Origin Policy privilege escalation
| [75786] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
| [66976] Microsoft Access 2010 VBA Datatype denial of service
| [74848] Microsoft SharePoint Foundation/SharePoint Server 2013 SP1 cross site scripting
| [74842] Microsoft Windows 8.1/Server 2012 R2 Hyper-V denial of service
| [74836] Microsoft Project Server 2010 SP2/2013 SP1 cross site scripting
| [74835] Microsoft Office 2011 on Mac Use-After-Free cross site scripting
| [74834] Microsoft Windows Server 2012 R2 Active Directory Federation Services 3.0 privilege escalation
| [74833] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 HTTP Request HTTP.sys privilege escalation
| [74393] Microsoft SharePoint Server 2013 Foundation cross site scripting
| [73967] Microsoft Office up to 2013 SP1 Office File memory corruption
| [73966] Microsoft Office up to 2013 SP1 RTF File memory corruption
| [73965] Microsoft Office up to 2013 SP1 Use-After-Free memory corruption
| [73961] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 Remote Desktop Protocol Object Management denial of service
| [69162] Microsoft System Center Virtual Machine Manager 2012 privilege escalation
| [69160] Microsoft Windows up to Server 2012 Process privilege escalation
| [69156] Microsoft Office 2010 Object memory corruption
| [68593] Microsoft Windows up to Server 2012 Network Location Awareness Service privilege escalation
| [68417] Microsoft Exchange 2013 Outlook Web Access Token spoofing
| [68191] Microsoft SharePoint 2010 cross site scripting
| [67828] Microsoft ASP.NET MVC 2/3/4/5/5.1 System.Web.Mvc.dll cross site scripting
| [67518] Microsoft Lync 2013 denial of service
| [67517] Microsoft Lync 2013 Script Reflected cross site scripting
| [67516] Microsoft Lync 2010/2013 denial of service
| [67362] Microsoft Windows up to Server 2012 R2 Remote Procedure Call privilege escalation
| [67360] Microsoft SharePoint 2013 App Permission Management cross site scripting
| [13549] Microsoft Windows 7/8/8.1/Server 2012 Remote Desktop Protocol weak encryption
| [13547] Microsoft Lync 2010/2013 Meeting cross site scripting
| [13228] Microsoft Office 2013 Document privilege escalation
| [68577] Microsoft ASP.NET 2014.3.1209 Telerik UI RadAsyncUpload directory traversal
| [12267] Microsoft Forefront Security for Exchange Server 2010 Mail memory corruption
| [12263] Microsoft Windows up to Server 2012 Direct2D 2D Geometric Figure memory corruption
| [12238] Microsoft Windows 8/RT/Server 2012 IPv6 denial of service
| [12185] Microsoft .NET Framework 2/4 HMAC weak authentication
| [12183] Microsoft .NET Framework 2/4 DTD denial of service
| [11673] Microsoft Windows Live Movie Maker 2011 WAV File denial of service
| [11468] Microsoft Exchange 2010/2013 cross site scripting
| [11466] Microsoft Office 2013 File Response information disclosure
| [11457] Microsoft SharePoint Server/Office Web Apps 2010 SP1/2010 SP2/2013 W3WP Service Account privilege escalation
| [11150] Microsoft Windows 8/Server 2012 Hyper-V Data Structure Value Crash privilege escalation
| [11004] Microsoft Windows Server 2012 R2 RDP Restricted Admin Mode weak authentication
| [10250] Microsoft SharePoint Server up to 2013 W3WP Process denial of service
| [10249] Microsoft SharePoint 2010/2003/2007/2.0/3.0 Workflow memory corruption
| [10248] Microsoft SharePoint Server up to 2013 cross site scripting
| [9943] Microsoft Windows Server 2012 NAT Driver ICMP Packet denial of service
| [8739] Microsoft Windows Essentials up to 2012 Windows Writer Eingabe information disclosure
| [8725] Microsoft Lync 2010/2013 Use-After-Free memory corruption
| [8722] Microsoft Windows 8/RT/Server 2012 HTTP.sys denial of service
| [8206] Microsoft SharePoint Server 2010 SP1 HTML Sanitization Component cross site scripting
| [8203] Microsoft Windows up to 2012 AD LDAP Query denial of service
| [8200] Microsoft SharePoint Server 2013 ACL information disclosure
| [7971] Microsoft Office for Mac 2011 up to 14.3.1 on Mac HTML5 Mail Message Parser File information disclosure
| [7969] Microsoft OneNote 2010 SP1 ONE File information disclosure
| [7968] Microsoft SharePoint Server 2010 SP1 Input Validator Eingabe Crash denial of service
| [7967] Microsoft SharePoint Server 2010 SP1 User Account Eingabe Crash information disclosure
| [7966] Microsoft SharePoint Server 2010 SP1 Eingabe Crash cross site scripting
| [7965] Microsoft SharePoint Server 2010 SP1 User Account Callback URL privilege escalation
| [7964] Microsoft Visio 2010 Tree Object Type File memory corruption
| [7343] Microsoft Lync 2012 HTTP Format String
| [7258] Microsoft Windows up to 8/Server 2012 SSL/TLS race condition
| [7230] Microsoft Excel 2010 SP1 on 32-bit XLS File Formatting Information Crash denial of service
| [6831] Microsoft Office Picture Manager 2010 File memory corruption
| [62720] EMC NetWorker Module for Microsoft Applications up to 2.2.0 memory corruption
| [6624] Microsoft SQL Server up to 2012 Report Manager cross site scripting
| [62238] Microsoft Visual Studio Team Foundation Server 2010 cross site scripting
| [5946] Microsoft Visio/Visio Viewer up to 2010 SP1 File memory corruption
| [5644] Microsoft SharePoint 2010 scriptesx.ashx cross site scripting
| [5641] Microsoft SharePoint 2010 cross site scripting
| [60943] Microsoft Dynamics AX 2012 Enterprise Portal cross site scripting
| [12311] Microsoft Lync 2010 Search race condition
| [60570] Microsoft Forefront Unified Access Gateway 2010 information disclosure
| [60569] Microsoft Forefront Unified Access Gateway 2010 spoofing
| [60208] Microsoft Visio Viewer 2010 memory corruption
| [60207] Microsoft Visio Viewer 2010 memory corruption
| [60206] Microsoft Visio Viewer 2010 memory corruption
| [4640] Microsoft SharePoint 2010 inplview.aspx cross site scripting
| [4636] Microsoft SharePoint 2010 wizardlist.aspx cross site scripting
| [4635] Microsoft SharePoint 2010 themeweb.aspx cross site scripting
| [59008] Microsoft Forefront Unified Access Gateway 2010 Crash denial of service
| [58995] Microsoft Forefront Unified Access Gateway 2010 memory corruption
| [58994] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
| [58993] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
| [4424] Microsoft Host Integration Server up to 2010 denial of service
| [4420] Microsoft Forefront Unified Access Gateway 2010 memory corruption
| [58487] Microsoft SharePoint Foundation 2010 cross site scripting
| [58486] Microsoft SharePoint Foundation 2010 Reflected cross site scripting
| [58485] Microsoft SharePoint Foundation 2010 EditForm.aspx cross site scripting
| [4414] Microsoft SharePoint 2010 cross site scripting
| [4413] Microsoft SharePoint 2010/2007/3.0 XML/XLS unknown vulnerability
| [91971] Microsoft Skype 2.2.x/5.2.x/5.3.x denial of service
| [57693] Microsoft Forefront Threat Management Gateway 2010 NSPLookupServiceNext memory corruption
| [56028] Microsoft Data Access Components 2.8 memory corruption
| [55777] Microsoft Windows Movie Maker 2.6 memory corruption
| [55424] Microsoft Forefront Unified Access Gateway 2010 Signurl.asp cross site scripting
| [55415] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
| [55414] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
| [55413] Microsoft Forefront Unified Access Gateway 2010 spoofing
| [54341] Microsoft Windows Movie Maker 2.1 memory corruption
| [54549] Microsoft PowerPoint 2010 pptimpconv.dll memory corruption
| [4009] Microsoft NET Framework 2.x/3.x denial of service
| [45681] Microsoft Internet Explorer 8 Beta 2 privilege escalation
| [45449] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
| [45448] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
| [45446] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
| [2927] Microsoft Data Access Components 2.x ADODB.Connection ActiveX Control memory corruption
| [32692] Microsoft XML Core Services up to 2.6 memory corruption
| [32691] Microsoft XML Core Services up to 2.6 memory corruption
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-3661] The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
| [CVE-2013-3660] The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
| [CVE-2013-3174] DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
| [CVE-2013-3173] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
| [CVE-2013-3172] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system hang) via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
| [CVE-2013-3171] The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."
| [CVE-2013-3167] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Information Disclosure Vulnerability."
| [CVE-2013-3154] The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."
| [CVE-2013-3138] Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
| [CVE-2013-3136] The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
| [CVE-2013-3134] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array Allocation Vulnerability."
| [CVE-2013-3133] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability."
| [CVE-2013-3132] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability."
| [CVE-2013-3131] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability."
| [CVE-2013-1345] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
| [CVE-2013-1340] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
| [CVE-2013-1339] The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."
3334| [CVE-2013-1336] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."
3335| [CVE-2013-1335] Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."
3336| [CVE-2013-1334] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
3337| [CVE-2013-1332] dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
3338| [CVE-2013-1331] Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
3339| [CVE-2013-1329] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."
3340| [CVE-2013-1328] Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."
3341| [CVE-2013-1327] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."
3342| [CVE-2013-1323] Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."
3343| [CVE-2013-1322] Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."
3344| [CVE-2013-1321] Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability."
3345| [CVE-2013-1320] Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."
3346| [CVE-2013-1319] Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."
3347| [CVE-2013-1318] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."
3348| [CVE-2013-1317] Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."
3349| [CVE-2013-1316] Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."
3350| [CVE-2013-1302] Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."
3351| [CVE-2013-1301] Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
3352| [CVE-2013-1300] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
3353| [CVE-2013-1295] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."
3354| [CVE-2013-1294] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
3355| [CVE-2013-1293] The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application that leverages improper handling of objects in memory, aka "NTFS NULL Pointer Dereference Vulnerability."
3356| [CVE-2013-1292] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
3357| [CVE-2013-1291] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
3358| [CVE-2013-1287] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
3359| [CVE-2013-1286] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
3360| [CVE-2013-1285] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
3361| [CVE-2013-1283] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
3362| [CVE-2013-1281] The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability."
3363| [CVE-2013-1280] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
3364| [CVE-2013-1279] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
3365| [CVE-2013-1278] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
3366| [CVE-2013-1277] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3367| [CVE-2013-1276] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3368| [CVE-2013-1275] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3369| [CVE-2013-1274] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3370| [CVE-2013-1273] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3371| [CVE-2013-1272] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3372| [CVE-2013-1271] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3373| [CVE-2013-1270] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3374| [CVE-2013-1269] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3375| [CVE-2013-1268] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3376| [CVE-2013-1267] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3377| [CVE-2013-1266] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3378| [CVE-2013-1265] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3379| [CVE-2013-1264] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3380| [CVE-2013-1263] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3381| [CVE-2013-1262] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3382| [CVE-2013-1261] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3383| [CVE-2013-1260] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3384| [CVE-2013-1259] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3385| [CVE-2013-1258] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3386| [CVE-2013-1257] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3387| [CVE-2013-1256] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3388| [CVE-2013-1255] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3389| [CVE-2013-1254] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3390| [CVE-2013-1253] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3391| [CVE-2013-1252] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3392| [CVE-2013-1251] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3393| [CVE-2013-1250] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3394| [CVE-2013-1249] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3395| [CVE-2013-1248] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3396| [CVE-2013-0095] Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability."
3397| [CVE-2013-0077] Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
3398| [CVE-2013-0076] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."
3399| [CVE-2013-0075] The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
3400| [CVE-2013-0073] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."
3401| [CVE-2013-0013] The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
3402| [CVE-2013-0011] The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability."
3403| [CVE-2013-0010] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.
3404| [CVE-2013-0009] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
3405| [CVE-2013-0008] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
3406| [CVE-2013-0004] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
| [CVE-2013-0003] Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."
| [CVE-2013-0002] Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
| [CVE-2013-0001] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
| [CVE-2012-5672] Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.
| [CVE-2012-4791] Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
| [CVE-2012-4786] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
| [CVE-2012-4776] The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."
| [CVE-2012-4774] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."
| [CVE-2012-2897] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
| [CVE-2012-2556] The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
| [CVE-2012-2553] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
| [CVE-2012-2552] Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."
| [CVE-2012-2551] The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability."
| [CVE-2012-2543] Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1
| [CVE-2012-2539] Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
| [CVE-2012-2536] Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
| [CVE-2012-2530] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
| [CVE-2012-2529] Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability."
| [CVE-2012-2528] Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
| [CVE-2012-2527] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
| [CVE-2012-2524] Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability."
| [CVE-2012-2520] Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
| [CVE-2012-2519] Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
| [CVE-2012-1896] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."
| [CVE-2012-1895] The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
| [CVE-2012-1893] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."
| [CVE-2012-1890] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."
| [CVE-2012-1887] Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."
| [CVE-2012-1886] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
| [CVE-2012-1885] Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
| [CVE-2012-1870] The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."
| [CVE-2012-1867] Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
| [CVE-2012-1866] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability."
| [CVE-2012-1865] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.
| [CVE-2012-1864] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.
| [CVE-2012-1863] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
| [CVE-2012-1862] Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
| [CVE-2012-1860] Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
| [CVE-2012-1858] The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
| [CVE-2012-1856] The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
| [CVE-2012-1855] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."
| [CVE-2012-1854] Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-1851] Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."
| [CVE-2012-1850] The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."
| [CVE-2012-1848] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
| [CVE-2012-1847] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-1537] Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
| [CVE-2012-1528] Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
| [CVE-2012-1527] Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
| [CVE-2012-1459] The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
| [CVE-2012-1457] The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
| [CVE-2012-1453] The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
| [CVE-2012-1443] The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
| [CVE-2012-1420] The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
| [CVE-2012-1194] The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
| [CVE-2012-0185] Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
| [CVE-2012-0184] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0183] Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
| [CVE-2012-0182] Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
| [CVE-2012-0181] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
| [CVE-2012-0180] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
| [CVE-2012-0179] Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."
| [CVE-2012-0178] Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability."
| [CVE-2012-0177] Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
| [CVE-2012-0175] The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."
| [CVE-2012-0174] Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
| [CVE-2012-0173] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
| [CVE-2012-0167] Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."
| [CVE-2012-0165] GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
| [CVE-2012-0163] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
| [CVE-2012-0161] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
| [CVE-2012-0160] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
| [CVE-2012-0159] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
| [CVE-2012-0158] The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0157] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
| [CVE-2012-0156] DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
| [CVE-2012-0154] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
| [CVE-2012-0152] The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."
| [CVE-2012-0151] The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
| [CVE-2012-0150] Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
| [CVE-2012-0149] afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2012-0148] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
| [CVE-2012-0143] Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability."
| [CVE-2012-0142] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0141] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0015] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."
| [CVE-2012-0014] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
| [CVE-2012-0013] Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
| [CVE-2012-0009] Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."
| [CVE-2012-0008] Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."
| [CVE-2012-0006] The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."
| [CVE-2012-0005] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
| [CVE-2012-0004] Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
| [CVE-2012-0003] Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
| [CVE-2012-0002] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
3502| [CVE-2012-0001] The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."
3503| [CVE-2011-5046] The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
3504| [CVE-2011-4434] Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
3505| [CVE-2011-3417] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
3506| [CVE-2011-3416] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
3507| [CVE-2011-3415] Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
3508| [CVE-2011-3414] The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
3509| [CVE-2011-3413] Microsoft PowerPoint 2007 SP2
3510| [CVE-2011-3412] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
3511| [CVE-2011-3411] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
3512| [CVE-2011-3410] Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability."
3513| [CVE-2011-3408] Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability."
3514| [CVE-2011-3406] Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."
3515| [CVE-2011-3403] Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
3516| [CVE-2011-3402] Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
3517| [CVE-2011-3400] Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
3518| [CVE-2011-3397] The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
3519| [CVE-2011-3396] Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."
3520| [CVE-2011-2019] Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
3521| [CVE-2011-2018] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
3522| [CVE-2011-2016] Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."
3523| [CVE-2011-2014] The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
3524| [CVE-2011-2013] Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."
3525| [CVE-2011-2011] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
3526| [CVE-2011-2008] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
3527| [CVE-2011-2007] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."
3528| [CVE-2011-2005] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
3529| [CVE-2011-2004] Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.
3530| [CVE-2011-2003] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability."
3531| [CVE-2011-2002] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."
3532| [CVE-2011-1991] Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability."
3533| [CVE-2011-1990] Microsoft Excel 2007 SP2
3534| [CVE-2011-1989] Microsoft Excel 2003 SP3 and 2007 SP2
3535| [CVE-2011-1988] Microsoft Excel 2003 SP3 and 2007 SP2
3536| [CVE-2011-1987] Array index error in Microsoft Excel 2003 SP3 and 2007 SP2
3537| [CVE-2011-1986] Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
3538| [CVE-2011-1985] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
3539| [CVE-2011-1984] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
3540| [CVE-2011-1983] Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."
3541| [CVE-2011-1982] Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."
3542| [CVE-2011-1980] Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
3543| [CVE-2011-1979] Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
3544| [CVE-2011-1978] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."
3545| [CVE-2011-1976] Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
3546| [CVE-2011-1975] Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
3547| [CVE-2011-1974] NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
3548| [CVE-2011-1972] Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
3549| [CVE-2011-1971] The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."
3550| [CVE-2011-1970] The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability."
3551| [CVE-2011-1968] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka "Remote Desktop Protocol Vulnerability."
3552| [CVE-2011-1967] Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."
3553| [CVE-2011-1966] The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."
3554| [CVE-2011-1965] Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
3555| [CVE-2011-1894] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
3556| [CVE-2011-1893] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
3557| [CVE-2011-1892] Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
3558| [CVE-2011-1888] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
3559| [CVE-2011-1887] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
3560| [CVE-2011-1885] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
3561| [CVE-2011-1884] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
3562| [CVE-2011-1883] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
3563| [CVE-2011-1882] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
3564| [CVE-2011-1881] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
3565| [CVE-2011-1880] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
3566| [CVE-2011-1879] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
3567| [CVE-2011-1878] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
3568| [CVE-2011-1877] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
3569| [CVE-2011-1876] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
3570| [CVE-2011-1875] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
3571| [CVE-2011-1874] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
3572| [CVE-2011-1873] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
3573| [CVE-2011-1872] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
3574| [CVE-2011-1871] Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of Service Vulnerability."
3575| [CVE-2011-1870] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability."
3576| [CVE-2011-1869] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."
3577| [CVE-2011-1868] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
3578| [CVE-2011-1508] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."
| [CVE-2011-1284] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutput Vulnerability."
| [CVE-2011-1283] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and write operations, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability."
| [CVE-2011-1282] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability."
| [CVE-2011-1281] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a process, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability."
| [CVE-2011-1280] The XML Editor in Microsoft InfoPath 2007 SP2 and 2010
| [CVE-2011-1279] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds WriteAV Vulnerability."
| [CVE-2011-1278] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel WriteAV Vulnerability."
| [CVE-2011-1277] Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
| [CVE-2011-1276] Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-1275] Microsoft Excel 2002 SP3
| [CVE-2011-1274] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-1273] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-1272] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-1270] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."
| [CVE-2011-1269] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-1268] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."
| [CVE-2011-1267] The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability."
| [CVE-2011-1264] Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."
| [CVE-2011-1263] Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability."
| [CVE-2011-1253] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."
| [CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
| [CVE-2011-1249] The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2011-1248] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."
| [CVE-2011-1247] Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."
| [CVE-2011-1242] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1241] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1240] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1239] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1238] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1237] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1236] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1235] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1234] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1233] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1232] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1231] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1230] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1229] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1228] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1227] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1226] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1225] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-0980] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
| [CVE-2011-0979] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0978] Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-0977] Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
| [CVE-2011-0976] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-0677] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-0676] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-0675] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0674] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0672] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0671] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0670] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0667] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0666] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0665] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0664] Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."
| [CVE-2011-0662] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0661] The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."
| [CVE-2011-0660] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."
| [CVE-2011-0658] Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka "OLE Automation Underflow Vulnerability."
| [CVE-2011-0657] DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
| [CVE-2011-0656] Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0655] Microsoft PowerPoint 2007 SP2 and 2010
| [CVE-2011-0654] Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
| [CVE-2011-0107] Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."
| [CVE-2011-0105] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
| [CVE-2011-0104] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability."
| [CVE-2011-0103] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability."
| [CVE-2011-0101] Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, doubly-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability."
| [CVE-2011-0098] Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0097] Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0096] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
| [CVE-2011-0093] ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
| [CVE-2011-0092] The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
| [CVE-2011-0091] Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
| [CVE-2011-0090] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
| [CVE-2011-0089] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability."
| [CVE-2011-0088] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability."
| [CVE-2011-0087] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability."
| [CVE-2011-0086] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."
| [CVE-2011-0043] Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."
| [CVE-2011-0042] SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."
| [CVE-2011-0041] Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."
| [CVE-2011-0040] The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."
| [CVE-2011-0039] The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
| [CVE-2011-0034] Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
| [CVE-2011-0033] The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."
| [CVE-2011-0032] Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."
| [CVE-2011-0031] The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."
| [CVE-2011-0030] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.
| [CVE-2011-0028] WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."
| [CVE-2010-5082] Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
| [CVE-2010-4701] Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.
| [CVE-2010-4669] The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package.
| [CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
| [CVE-2010-4398] Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
3676| [CVE-2010-4398] Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
3677| [CVE-2010-4182] Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown
3678| [CVE-2010-3974] fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."
3679| [CVE-2010-3970] Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
3680| [CVE-2010-3966] Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."
3681| [CVE-2010-3965] Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."
3682| [CVE-2010-3964] Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
3683| [CVE-2010-3963] Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."
3684| [CVE-2010-3961] The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."
3685| [CVE-2010-3960] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."
3686| [CVE-2010-3959] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."
3687| [CVE-2010-3958] The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
3688| [CVE-2010-3957] Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."
3689| [CVE-2010-3956] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."
3690| [CVE-2010-3955] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."
3691| [CVE-2010-3954] Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."
3692| [CVE-2010-3946] Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."
3693| [CVE-2010-3945] Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."
3694| [CVE-2010-3944] win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
3695| [CVE-2010-3943] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."
3696| [CVE-2010-3942] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."
3697| [CVE-2010-3941] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability."
3698| [CVE-2010-3940] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."
3699| [CVE-2010-3939] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."
3700| [CVE-2010-3937] Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
3701| [CVE-2010-3338] The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.
3702| [CVE-2010-3337] Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.
3703| [CVE-2010-3336] Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."
3704| [CVE-2010-3335] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability."
3705| [CVE-2010-3334] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."
3706| [CVE-2010-3333] Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
3707| [CVE-2010-3332] Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
3708| [CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
3709| [CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
3710| [CVE-2010-3242] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."
3711| [CVE-2010-3241] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."
3712| [CVE-2010-3240] Microsoft Excel 2002 SP3 and 2007 SP2
3713| [CVE-2010-3239] Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."
3714| [CVE-2010-3238] Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
3715| [CVE-2010-3237] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."
3716| [CVE-2010-3236] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."
3717| [CVE-2010-3235] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."
3718| [CVE-2010-3234] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."
3719| [CVE-2010-3233] Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."
3720| [CVE-2010-3232] Microsoft Excel 2003 SP3 and 2007 SP2
3721| [CVE-2010-3231] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
3722| [CVE-2010-3230] Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
3723| [CVE-2010-3229] The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."
3724| [CVE-2010-3227] Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."
3725| [CVE-2010-3223] The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."
3726| [CVE-2010-3222] Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability."
3727| [CVE-2010-3221] Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."
3728| [CVE-2010-3220] Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."
3729| [CVE-2010-3219] Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."
3730| [CVE-2010-3218] Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."
3731| [CVE-2010-3217] Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."
3732| [CVE-2010-3216] Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."
3733| [CVE-2010-3215] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."
3734| [CVE-2010-3214] Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010
3735| [CVE-2010-3213] Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
3736| [CVE-2010-3200] MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc.
3737| [CVE-2010-3190] Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1
3738| [CVE-2010-3148] Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
3739| [CVE-2010-3147] Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
3740| [CVE-2010-3146] Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."
3741| [CVE-2010-3144] Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."
3742| [CVE-2010-3142] Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
3743| [CVE-2010-2750] Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."
3744| [CVE-2010-2748] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."
3745| [CVE-2010-2747] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability."
3746| [CVE-2010-2746] Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."
3747| [CVE-2010-2744] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
3748| [CVE-2010-2742] The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability."
3749| [CVE-2010-2741] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability."
3750| [CVE-2010-2740] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability."
3751| [CVE-2010-2739] Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.
3752| [CVE-2010-2738] The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
3753| [CVE-2010-2729] The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."
3754| [CVE-2010-2728] Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."
3755| [CVE-2010-2573] Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."
3756| [CVE-2010-2572] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
3757| [CVE-2010-2571] Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."
3758| [CVE-2010-2570] Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability."
| [CVE-2010-2569] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."
| [CVE-2010-2568] Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
| [CVE-2010-2567] The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."
| [CVE-2010-2566] The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
| [CVE-2010-2563] The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."
| [CVE-2010-2562] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."
| [CVE-2010-2555] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."
| [CVE-2010-2554] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
| [CVE-2010-2552] Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."
| [CVE-2010-2551] The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability."
| [CVE-2010-2550] The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
| [CVE-2010-2549] Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."
| [CVE-2010-2265] Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
| [CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
| [CVE-2010-2084] Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
| [CVE-2010-1903] Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."
| [CVE-2010-1902] Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1901] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1900] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1898] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
| [CVE-2010-1897] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
| [CVE-2010-1896] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability."
| [CVE-2010-1895] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability."
| [CVE-2010-1894] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
| [CVE-2010-1893] Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability."
| [CVE-2010-1892] The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability."
| [CVE-2010-1891] The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."
| [CVE-2010-1890] The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."
| [CVE-2010-1889] Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."
| [CVE-2010-1887] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."
| [CVE-2010-1886] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."
| [CVE-2010-1885] The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
| [CVE-2010-1883] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."
| [CVE-2010-1882] Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability."
| [CVE-2010-1881] The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."
| [CVE-2010-1880] Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
| [CVE-2010-1735] The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
| [CVE-2010-1734] The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
| [CVE-2010-1690] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
| [CVE-2010-1689] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
| [CVE-2010-1263] Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
| [CVE-2010-1257] Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2
| [CVE-2010-1255] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."
| [CVE-2010-1253] Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2
| [CVE-2010-1252] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."
| [CVE-2010-1251] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."
| [CVE-2010-1250] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability."
| [CVE-2010-1249] Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.
| [CVE-2010-1248] Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
| [CVE-2010-1247] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.
| [CVE-2010-1246] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."
| [CVE-2010-1245] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.
| [CVE-2010-1225] The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
| [CVE-2010-1175] Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."
| [CVE-2010-0917] Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
| [CVE-2010-0824] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.
| [CVE-2010-0823] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
| [CVE-2010-0822] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."
| [CVE-2010-0821] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
| [CVE-2010-0820] Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2
| [CVE-2010-0819] Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
| [CVE-2010-0818] The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability."
| [CVE-2010-0817] Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
| [CVE-2010-0815] VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."
| [CVE-2010-0814] The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
| [CVE-2010-0812] Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."
| [CVE-2010-0811] Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
| [CVE-2010-0810] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2010-0719] An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.
| [CVE-2010-0487] The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
| [CVE-2010-0486] The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
| [CVE-2010-0485] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
| [CVE-2010-0484] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."
| [CVE-2010-0483] vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
| [CVE-2010-0482] The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability."
| [CVE-2010-0481] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."
| [CVE-2010-0480] Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
| [CVE-2010-0479] Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability."
| [CVE-2010-0478] Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."
| [CVE-2010-0477] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
3839| [CVE-2010-0476] The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."
3840| [CVE-2010-0278] A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
3841| [CVE-2010-0270] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."
3842| [CVE-2010-0269] The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."
3843| [CVE-2010-0268] Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."
3844| [CVE-2010-0266] Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
3845| [CVE-2010-0265] Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
3846| [CVE-2010-0264] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
3847| [CVE-2010-0263] Microsoft Office Excel 2007 SP1 and SP2
3848| [CVE-2010-0262] Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
3849| [CVE-2010-0261] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."
3850| [CVE-2010-0260] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2
3851| [CVE-2010-0258] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
3852| [CVE-2010-0257] Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
3853| [CVE-2010-0256] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
| [CVE-2010-0254] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
| [CVE-2010-0252] The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
| [CVE-2010-0250] Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."
| [CVE-2010-0249] Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4
| [CVE-2010-0243] Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."
| [CVE-2010-0242] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability."
| [CVE-2010-0241] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability."
| [CVE-2010-0240] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability."
| [CVE-2010-0239] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
| [CVE-2010-0238] Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."
| [CVE-2010-0237] The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."
| [CVE-2010-0236] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
| [CVE-2010-0235] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."
| [CVE-2010-0234] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."
| [CVE-2010-0233] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."
| [CVE-2010-0232] The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2010-0231] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
| [CVE-2010-0035] The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability."
| [CVE-2010-0034] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability."
| [CVE-2010-0033] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
| [CVE-2010-0032] Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
| [CVE-2010-0031] Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."
| [CVE-2010-0030] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."
| [CVE-2010-0029] Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
| [CVE-2010-0028] Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
| [CVE-2010-0027] The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
| [CVE-2010-0026] The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability."
| [CVE-2010-0025] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
| [CVE-2010-0024] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
| [CVE-2010-0023] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability."
| [CVE-2010-0022] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
| [CVE-2010-0021] Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."
| [CVE-2010-0020] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."
| [CVE-2010-0018] Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4
| [CVE-2010-0017] Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."
| [CVE-2010-0016] The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
| [CVE-2009-4313] ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
| [CVE-2009-4312] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
| [CVE-2009-4311] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.
| [CVE-2009-4310] Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
| [CVE-2009-4309] Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
| [CVE-2009-4210] The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
| [CVE-2009-3830] The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
| [CVE-2009-3678] Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
| [CVE-2009-3677] The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."
| [CVE-2009-3676] The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
| [CVE-2009-3675] LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."
| [CVE-2009-3450] Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.
| [CVE-2009-3135] Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
| [CVE-2009-3134] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3133] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."
| [CVE-2009-3132] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3131] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3130] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."
| [CVE-2009-3129] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3128] Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
| [CVE-2009-3127] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."
| [CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
| [CVE-2009-3103] Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
| [CVE-2009-3020] win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
| [CVE-2009-2653] ** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.'
| [CVE-2009-2532] Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability."
| [CVE-2009-2526] Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."
| [CVE-2009-2524] Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (reboot) via a malformed packet, aka "Local Security Authority Subsystem Service Integer Overflow Vulnerability."
| [CVE-2009-2523] The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
| [CVE-2009-2519] The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."
| [CVE-2009-2517] The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2009-2516] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."
| [CVE-2009-2515] Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."
| [CVE-2009-2514] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."
| [CVE-2009-2513] The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
| [CVE-2009-2511] Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
| [CVE-2009-2510] The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
| [CVE-2009-2509] Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability."
| [CVE-2009-2508] The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."
| [CVE-2009-2507] A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability."
| [CVE-2009-2506] Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3
| [CVE-2009-2505] The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."
| [CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
| [CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
| [CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
| [CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
| [CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
| [CVE-2009-2498] Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."
| [CVE-2009-2497] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
| [CVE-2009-2496] Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability."
| [CVE-2009-2495] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
| [CVE-2009-2494] The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."
| [CVE-2009-2493] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1
| [CVE-2009-1930] The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
| [CVE-2009-1929] Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2
| [CVE-2009-1928] Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2
| [CVE-2009-1926] Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."
| [CVE-2009-1925] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."
3947| [CVE-2009-1925] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."
3948| [CVE-2009-1924] Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
3949| [CVE-2009-1923] Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."
3950| [CVE-2009-1922] The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."
3951| [CVE-2009-1546] Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
3952| [CVE-2009-1545] Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."
3953| [CVE-2009-1544] Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
3954| [CVE-2009-1542] The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
3955| [CVE-2009-1539] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
3956| [CVE-2009-1538] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
3957| [CVE-2009-1537] Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
3958| [CVE-2009-1536] ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
3959| [CVE-2009-1534] Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."
3960| [CVE-2009-1533] Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
3961| [CVE-2009-1491] McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.
3962| [CVE-2009-1216] Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA)
3963| [CVE-2009-1141] Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."
3964| [CVE-2009-1139] Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
3965| [CVE-2009-1138] The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
3966| [CVE-2009-1137] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227.
3967| [CVE-2009-1136] The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
3968| [CVE-2009-1135] Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."
3969| [CVE-2009-1134] Excel in 2007 Microsoft Office System SP1 and SP2
3970| [CVE-2009-1133] Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
3971| [CVE-2009-1132] Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability."
3972| [CVE-2009-1131] Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability."
3973| [CVE-2009-1130] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability."
3974| [CVE-2009-1129] Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128.
3975| [CVE-2009-1128] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129.
3976| [CVE-2009-1127] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
3977| [CVE-2009-1126] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."
3978| [CVE-2009-1125] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
3979| [CVE-2009-1124] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."
3980| [CVE-2009-1123] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
3981| [CVE-2009-1122] The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
3982| [CVE-2009-1043] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
3983| [CVE-2009-1011] Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
3984| [CVE-2009-0901] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1
3985| [CVE-2009-0568] The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
3986| [CVE-2009-0566] Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability."
3987| [CVE-2009-0565] Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2
3988| [CVE-2009-0563] Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
3989| [CVE-2009-0562] The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability."
3990| [CVE-2009-0561] Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
3991| [CVE-2009-0560] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
3992| [CVE-2009-0559] Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
3993| [CVE-2009-0558] Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
3994| [CVE-2009-0557] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
3995| [CVE-2009-0556] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
3996| [CVE-2009-0554] Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
3997| [CVE-2009-0553] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
3998| [CVE-2009-0552] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
3999| [CVE-2009-0551] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
4000| [CVE-2009-0550] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008
4001| [CVE-2009-0549] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
4002| [CVE-2009-0320] Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
4003| [CVE-2009-0239] Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
4004| [CVE-2009-0238] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
4005| [CVE-2009-0235] Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability."
4006| [CVE-2009-0234] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."
4007| [CVE-2009-0233] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."
4008| [CVE-2009-0232] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."
4009| [CVE-2009-0231] The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
4010| [CVE-2009-0230] The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
4011| [CVE-2009-0229] The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
4012| [CVE-2009-0228] Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
4013| [CVE-2009-0227] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.
4014| [CVE-2009-0226] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137.
4015| [CVE-2009-0225] Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability."
4016| [CVE-2009-0224] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
4017| [CVE-2009-0223] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
4018| [CVE-2009-0222] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
4019| [CVE-2009-0221] Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability."
4020| [CVE-2009-0220] Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an integer that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."
4021| [CVE-2009-0202] Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow.
4022| [CVE-2009-0102] Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
4023| [CVE-2009-0100] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
4024| [CVE-2009-0099] The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
4025| [CVE-2009-0098] Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."
4026| [CVE-2009-0097] Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."
4027| [CVE-2009-0096] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
4028| [CVE-2009-0095] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
| [CVE-2009-0094] The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
| [CVE-2009-0093] Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
| [CVE-2009-0091] Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
| [CVE-2009-0090] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
| [CVE-2009-0089] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
| [CVE-2009-0088] The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
| [CVE-2009-0087] Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2
| [CVE-2009-0086] Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
| [CVE-2009-0085] The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
| [CVE-2009-0083] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."
| [CVE-2009-0082] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."
| [CVE-2009-0081] The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."
| [CVE-2009-0079] The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."
| [CVE-2009-0078] The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."
| [CVE-2008-7217] Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories.
| [CVE-2008-6819] win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.
| [CVE-2008-6219] nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.
| [CVE-2008-6063] Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.
| [CVE-2008-5912] An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
| [CVE-2008-5823] An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property.
| [CVE-2008-5416] Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier
| [CVE-2008-5232] Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown
| [CVE-2008-5112] The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
| [CVE-2008-5100] The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
| [CVE-2008-5044] Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.
| [CVE-2008-4844] Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
| [CVE-2008-4841] The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
| [CVE-2008-4837] Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4835] SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
| [CVE-2008-4834] Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
| [CVE-2008-4493] Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
| [CVE-2008-4295] Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
| [CVE-2008-4269] The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."
| [CVE-2008-4268] The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."
| [CVE-2008-4266] Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3
| [CVE-2008-4265] Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."
| [CVE-2008-4264] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4261] Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
| [CVE-2008-4256] The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
| [CVE-2008-4255] Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
| [CVE-2008-4253] The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
| [CVE-2008-4250] The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
| [CVE-2008-4114] srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
| [CVE-2008-4110] Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
| [CVE-2008-4038] Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
| [CVE-2008-4037] Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
| [CVE-2008-4036] Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."
| [CVE-2008-4032] Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."
| [CVE-2008-4031] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4030] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4028] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4027] Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4026] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4025] Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4024] Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability."
| [CVE-2008-4023] Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
| [CVE-2008-4019] Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
| [CVE-2008-3956] orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.
| [CVE-2008-3704] Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
| [CVE-2008-3648] nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
| [CVE-2008-3636] Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
| [CVE-2008-3479] Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
| [CVE-2008-3477] Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
| [CVE-2008-3471] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
| [CVE-2008-3466] Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
| [CVE-2008-3465] Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."
| [CVE-2008-3464] afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
| [CVE-2008-3460] WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
| [CVE-2008-3068] Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
| [CVE-2008-3021] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
| [CVE-2008-3020] Microsoft Office 2000 SP3 and XP SP3
| [CVE-2008-3019] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
| [CVE-2008-3018] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
| [CVE-2008-3015] Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
| [CVE-2008-3014] Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
| [CVE-2008-3013] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
| [CVE-2008-3012] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
| [CVE-2008-3009] Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
| [CVE-2008-3007] Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."
| [CVE-2008-3006] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
| [CVE-2008-3005] Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
| [CVE-2008-3004] Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3
| [CVE-2008-3003] Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
| [CVE-2008-2752] Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.
| [CVE-2008-2540] Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
| [CVE-2008-2463] The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
| [CVE-2008-2252] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
| [CVE-2008-2251] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.
| [CVE-2008-2250] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."
| [CVE-2008-2249] Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
| [CVE-2008-2246] Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
| [CVE-2008-2245] Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
| [CVE-2008-2244] Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
| [CVE-2008-1898] A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
| [CVE-2008-1888] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
| [CVE-2008-1547] Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
| [CVE-2008-1457] The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
| [CVE-2008-1456] Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
| [CVE-2008-1455] A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1
| [CVE-2008-1454] Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
| [CVE-2008-1451] The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
| [CVE-2008-1446] Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
| [CVE-2008-1445] Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
| [CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
| [CVE-2008-1441] Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
4133| [CVE-2008-1441] Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
4134| [CVE-2008-1440] Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
4135| [CVE-2008-1436] Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
4136| [CVE-2008-1435] Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
4137| [CVE-2008-1434] Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
4138| [CVE-2008-1092] Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
4139| [CVE-2008-1091] Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
4140| [CVE-2008-1090] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
4141| [CVE-2008-1089] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
4142| [CVE-2008-1088] Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
4143| [CVE-2008-1087] Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
4144| [CVE-2008-1086] The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
4145| [CVE-2008-1084] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
4146| [CVE-2008-1083] Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
4147| [CVE-2008-0121] A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
4148| [CVE-2008-0120] Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."
4149| [CVE-2008-0119] Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
4150| [CVE-2008-0118] Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
4151| [CVE-2008-0117] Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
4152| [CVE-2008-0116] Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."
4153| [CVE-2008-0115] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
4154| [CVE-2008-0114] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
4155| [CVE-2008-0113] Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."
4156| [CVE-2008-0112] Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
4157| [CVE-2008-0111] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."
4158| [CVE-2008-0110] Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
4159| [CVE-2008-0109] Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
4160| [CVE-2008-0108] Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
4161| [CVE-2008-0106] Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
4162| [CVE-2008-0105] Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
4163| [CVE-2008-0104] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
4164| [CVE-2008-0103] Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
4165| [CVE-2008-0102] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
4166| [CVE-2008-0088] Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
4167| [CVE-2008-0087] The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
4168| [CVE-2008-0086] Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
4169| [CVE-2008-0083] The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
4170| [CVE-2008-0081] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
4171| [CVE-2008-0080] Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
4172| [CVE-2008-0020] Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.
4173| [CVE-2008-0015] Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
4174| [CVE-2008-0011] Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
4175| [CVE-2007-6753] Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.
4176| [CVE-2007-6357] Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.
4177| [CVE-2007-6329] Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
4178| [CVE-2007-6043] The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
4179| [CVE-2007-6026] Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
4180| [CVE-2007-5587] Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
4181| [CVE-2007-5352] Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
4182| [CVE-2007-5348] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
4183| [CVE-2007-4991] The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.
4184| [CVE-2007-4916] Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
4185| [CVE-2007-4814] Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
4186| [CVE-2007-3930] Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
4187| [CVE-2007-3924] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape
4188| [CVE-2007-3899] Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."
4189| [CVE-2007-3898] The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
4190| [CVE-2007-3896] The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
4191| [CVE-2007-3890] Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
4192| [CVE-2007-3670] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
4193| [CVE-2007-3490] Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.
4194| [CVE-2007-3300] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.
4195| [CVE-2007-3040] Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.
4196| [CVE-2007-3039] Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
4197| [CVE-2007-3036] Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
4198| [CVE-2007-3034] Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
4199| [CVE-2007-3030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".
4200| [CVE-2007-3029] Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
4201| [CVE-2007-3028] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
4202| [CVE-2007-2999] Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
4203| [CVE-2007-2967] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
4204| [CVE-2007-2966] Buffer overflow in the LHA decompresion component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.
4205| [CVE-2007-2903] Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
4206| [CVE-2007-2593] The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
4207| [CVE-2007-2581] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.
4208| [CVE-2007-2374] Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
4209| [CVE-2007-2228] rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
4210| [CVE-2007-2224] Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.
4211| [CVE-2007-2221] Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
4212| [CVE-2007-2219] Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
4213| [CVE-2007-2218] Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
4214| [CVE-2007-2217] Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
4215| [CVE-2007-1911] Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.
4216| [CVE-2007-1910] Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.
| [CVE-2007-1765] Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038
| [CVE-2007-1756] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".
| [CVE-2007-1754] PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".
| [CVE-2007-1748] Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
| [CVE-2007-1747] Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.
| [CVE-2007-1645] Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
| [CVE-2007-1537] \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.
| [CVE-2007-1512] Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.
| [CVE-2007-1347] Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
| [CVE-2007-1239] Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.
| [CVE-2007-1238] Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.
| [CVE-2007-1215] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
| [CVE-2007-1214] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
| [CVE-2007-1213] The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
| [CVE-2007-1212] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
| [CVE-2007-1211] Unspecified kernel GDI functions in Microsoft Windows 2000 SP4
| [CVE-2007-1205] Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
| [CVE-2007-1203] Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
| [CVE-2007-1202] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."
| [CVE-2007-1201] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
| [CVE-2007-1117] Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
| [CVE-2007-1090] Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.
| [CVE-2007-1083] Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
| [CVE-2007-0948] Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
| [CVE-2007-0947] Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
| [CVE-2007-0946] Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
| [CVE-2007-0945] Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4
| [CVE-2007-0944] Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
| [CVE-2007-0942] Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
| [CVE-2007-0940] Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
| [CVE-2007-0939] Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
| [CVE-2007-0938] Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
| [CVE-2007-0936] Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
| [CVE-2007-0934] Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
| [CVE-2007-0913] Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
| [CVE-2007-0870] Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.
| [CVE-2007-0843] The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
| [CVE-2007-0811] Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
| [CVE-2007-0671] Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
| [CVE-2007-0612] Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll
| [CVE-2007-0515] Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.
| [CVE-2007-0351] Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.
| [CVE-2007-0221] Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."
| [CVE-2007-0220] Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
| [CVE-2007-0216] wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
| [CVE-2007-0215] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.
| [CVE-2007-0214] The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
| [CVE-2007-0213] Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
| [CVE-2007-0211] The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
| [CVE-2007-0209] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.
| [CVE-2007-0208] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.
| [CVE-2007-0069] Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
| [CVE-2007-0066] The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
| [CVE-2007-0065] Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
| [CVE-2007-0064] Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
| [CVE-2007-0043] The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
| [CVE-2007-0042] Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
| [CVE-2007-0041] The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
| [CVE-2007-0040] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
| [CVE-2007-0039] The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
| [CVE-2007-0038] Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765
| [CVE-2007-0035] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
| [CVE-2007-0034] Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."
| [CVE-2007-0033] Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
| [CVE-2007-0031] Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.
| [CVE-2007-0030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.
| [CVE-2007-0029] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."
| [CVE-2007-0028] Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.
| [CVE-2007-0027] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
| [CVE-2007-0026] The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
| [CVE-2007-0025] The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
| [CVE-2007-0024] Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
| [CVE-2006-7210] Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
| [CVE-2006-7192] Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
| [CVE-2006-7027] Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.
| [CVE-2006-6723] The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.
| [CVE-2006-6696] Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
| [CVE-2006-6617] projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
| [CVE-2006-6561] Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.
| [CVE-2006-6456] Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.
| [CVE-2006-6296] The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
| [CVE-2006-6134] Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
| [CVE-2006-6133] Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
| [CVE-2006-5994] Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.
| [CVE-2006-5758] The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
| [CVE-2006-5586] The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
| [CVE-2006-5585] The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
| [CVE-2006-5584] The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
| [CVE-2006-5583] Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
| [CVE-2006-5574] Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.
| [CVE-2006-5296] PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.
| [CVE-2006-4854] ** REJECT ** Unspecified vulnerability in Microsoft Office 2000 (Chinese Edition) and Microsoft PowerPoint 2000 (Chinese Edition) allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as Trojan.PPDropper.E. NOTE: on 20060919, Microsoft notified CVE that this is a duplicate of CVE-2006-0009.
| [CVE-2006-4704] Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
| [CVE-2006-4702] Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
| [CVE-2006-4696] Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
| [CVE-2006-4695] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
| [CVE-2006-4694] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
| [CVE-2006-4693] Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.
| [CVE-2006-4692] Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
| [CVE-2006-4691] Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
| [CVE-2006-4689] Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
| [CVE-2006-4688] Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
| [CVE-2006-4534] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.
| [CVE-2006-4495] Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
| [CVE-2006-4274] ** REJECT ** Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as TROJ_MDROPPER.BH. NOTE: on 20060822, it was determined that TROJ_MDROPPER.BH was exploiting CVE-2006-0009, so this is not a new vulnerability.
| [CVE-2006-4219] The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
| [CVE-2006-4183] Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.
| [CVE-2006-4071] Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
| [CVE-2006-3992] Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption.
| [CVE-2006-3942] The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research
| [CVE-2006-3897] Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
| [CVE-2006-3880] ** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."
| [CVE-2006-3877] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
| [CVE-2006-3876] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
| [CVE-2006-3875] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867.
| [CVE-2006-3873] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
4333| [CVE-2006-3869] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
4334| [CVE-2006-3868] Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.
4335| [CVE-2006-3867] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875.
4336| [CVE-2006-3864] Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
4337| [CVE-2006-3841] Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.
4338| [CVE-2006-3660] Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different.
4339| [CVE-2006-3656] Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
4340| [CVE-2006-3655] Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
4341| [CVE-2006-3652] Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties.
4342| [CVE-2006-3651] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.
4343| [CVE-2006-3650] Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.
4344| [CVE-2006-3649] Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
4345| [CVE-2006-3648] Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."
4346| [CVE-2006-3647] Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.
4347| [CVE-2006-3643] Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
4348| [CVE-2006-3590] mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.
4349| [CVE-2006-3510] The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
4350| [CVE-2006-3493] Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
4351| [CVE-2006-3449] Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
4352| [CVE-2006-3448] Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.
4353| [CVE-2006-3445] Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.
4354| [CVE-2006-3444] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
4355| [CVE-2006-3443] Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
4356| [CVE-2006-3441] Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
4357| [CVE-2006-3440] Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
4358| [CVE-2006-3439] Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
4359| [CVE-2006-3436] Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
4360| [CVE-2006-3435] PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
4361| [CVE-2006-3434] Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.
4362| [CVE-2006-3431] Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.
4363| [CVE-2006-3059] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
4364| [CVE-2006-2492] Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
4365| [CVE-2006-2389] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.
4366| [CVE-2006-2388] Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.
4367| [CVE-2006-2387] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875.
4368| [CVE-2006-2380] Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
4369| [CVE-2006-2379] Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
4370| [CVE-2006-2378] Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
4371| [CVE-2006-2374] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
4372| [CVE-2006-2373] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
4373| [CVE-2006-2372] Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
4374| [CVE-2006-2371] Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
4375| [CVE-2006-2370] Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
4376| [CVE-2006-2334] The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
4377| [CVE-2006-2094] Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
4378| [CVE-2006-2055] Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
4379| [CVE-2006-1654] Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
4380| [CVE-2006-1651] ** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol."
4381| [CVE-2006-1540] MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll
4382| [CVE-2006-1316] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389.
4383| [CVE-2006-1315] The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
4384| [CVE-2006-1314] Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.
4385| [CVE-2006-1313] Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
4386| [CVE-2006-1311] The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1
4387| [CVE-2006-1309] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.
4388| [CVE-2006-1308] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.
4389| [CVE-2006-1306] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."
4390| [CVE-2006-1305] Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.
4391| [CVE-2006-1304] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
4392| [CVE-2006-1302] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."
4393| [CVE-2006-1301] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.
4394| [CVE-2006-1300] Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
4395| [CVE-2006-1257] The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.
4396| [CVE-2006-1193] Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
4397| [CVE-2006-1184] Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
4398| [CVE-2006-0988] The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
4399| [CVE-2006-0935] Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.
4400| [CVE-2006-0187] By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.
4401| [CVE-2006-0034] Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.
4402| [CVE-2006-0033] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.
4403| [CVE-2006-0032] Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
4404| [CVE-2006-0031] Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.
4405| [CVE-2006-0030] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.
4406| [CVE-2006-0029] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
4407| [CVE-2006-0028] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.
4408| [CVE-2006-0023] Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.
4409| [CVE-2006-0022] Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
4410| [CVE-2006-0021] Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
4411| [CVE-2006-0020] An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
4412| [CVE-2006-0015] Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
4413| [CVE-2006-0013] Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
4414| [CVE-2006-0012] Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
4415| [CVE-2006-0010] Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
4416| [CVE-2006-0009] Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
| [CVE-2006-0008] The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.
| [CVE-2006-0007] Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.
| [CVE-2006-0006] Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
| [CVE-2006-0004] Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
| [CVE-2006-0002] Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
| [CVE-2006-0001] Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
| [CVE-2005-4717] Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
| [CVE-2005-4269] mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
| [CVE-2005-4131] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.
| [CVE-2005-3981] ** DISPUTED ** NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.
| [CVE-2005-3945] The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.
| [CVE-2005-3644] PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
| [CVE-2005-3177] CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed.
| [CVE-2005-3176] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.
| [CVE-2005-3175] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.
| [CVE-2005-3174] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
| [CVE-2005-3173] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
| [CVE-2005-3172] The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks.
| [CVE-2005-3171] Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings.
| [CVE-2005-3170] The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.
| [CVE-2005-3169] Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection.
| [CVE-2005-3168] The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template.
| [CVE-2005-2122] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.
| [CVE-2005-2120] Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
| [CVE-2005-2118] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
| [CVE-2005-2117] Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
| [CVE-2005-1985] The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
| [CVE-2005-1984] Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.
| [CVE-2005-1983] Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
| [CVE-2005-1982] Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
| [CVE-2005-1981] Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
| [CVE-2005-1907] The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic.
| [CVE-2005-1683] Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.
| [CVE-2005-1218] The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
| [CVE-2005-1216] Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.
| [CVE-2005-1215] Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.
| [CVE-2005-1208] Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
| [CVE-2005-1207] Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.
| [CVE-2005-1206] Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
| [CVE-2005-1205] The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
| [CVE-2005-1052] Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.
| [CVE-2005-0921] Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy.
| [CVE-2005-0820] Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
| [CVE-2005-0738] Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.
| [CVE-2005-0564] Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
| [CVE-2005-0558] Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.
| [CVE-2005-0551] Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
| [CVE-2005-0550] Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
| [CVE-2005-0545] Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.
| [CVE-2005-0063] The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
| [CVE-2005-0061] The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
| [CVE-2005-0060] Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.
| [CVE-2005-0059] Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
| [CVE-2005-0058] Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.
| [CVE-2005-0048] Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
| [CVE-2004-2527] The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
| [CVE-2004-2482] Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.
| [CVE-2004-2365] Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.
| [CVE-2004-2339] ** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed.
| [CVE-2004-1080] The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
| [CVE-2004-0963] Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.
| [CVE-2004-0897] The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
| [CVE-2004-0892] Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
| [CVE-2004-0846] Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
| [CVE-2004-0840] The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
| [CVE-2004-0728] The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
| [CVE-2004-0726] The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.
| [CVE-2004-0575] Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
| [CVE-2004-0574] The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
| [CVE-2004-0573] Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
| [CVE-2004-0540] Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
| [CVE-2004-0503] Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502.
| [CVE-2004-0379] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts.
| [CVE-2004-0284] Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
| [CVE-2004-0214] Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
| [CVE-2004-0211] The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
| [CVE-2004-0210] The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
| [CVE-2004-0209] Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
| [CVE-2004-0208] The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
| [CVE-2004-0207] "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.
| [CVE-2004-0206] Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
| [CVE-2004-0204] Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
| [CVE-2004-0202] IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
| [CVE-2004-0201] Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
| [CVE-2004-0199] Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
| [CVE-2004-0124] The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
| [CVE-2004-0121] Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
| [CVE-2004-0120] The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
| [CVE-2004-0116] An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
| [CVE-2003-1378] Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
| [CVE-2003-1106] The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.
| [CVE-2003-0908] The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
| [CVE-2003-0906] Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
| [CVE-2003-0904] Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
| [CVE-2003-0839] Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
| [CVE-2003-0825] The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
| [CVE-2003-0824] Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
| [CVE-2003-0822] Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
| [CVE-2003-0821] Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
| [CVE-2003-0820] Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
| [CVE-2003-0819] Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
| [CVE-2003-0818] Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
| [CVE-2003-0807] Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
| [CVE-2003-0806] Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
| [CVE-2003-0719] Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
| [CVE-2003-0665] Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
| [CVE-2003-0664] Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
| [CVE-2003-0662] Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
| [CVE-2003-0660] The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval.
| [CVE-2003-0533] Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
| [CVE-2003-0526] Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
| [CVE-2003-0506] Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation.
| [CVE-2003-0505] Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.
| [CVE-2003-0496] Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
| [CVE-2003-0352] Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
| [CVE-2003-0345] Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
| [CVE-2003-0232] Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
| [CVE-2003-0231] Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
| [CVE-2003-0230] Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
| [CVE-2003-0227] The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
| [CVE-2003-0118] SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
| [CVE-2003-0117] Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.
4539| [CVE-2003-0110] The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
4540| [CVE-2003-0109] Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
4541| [CVE-2003-0011] Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
4542| [CVE-2003-0007] Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."
4543| [CVE-2003-0003] Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
4544| [CVE-2003-0002] Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
4545| [CVE-2002-2101] Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
4546| [CVE-2002-2100] Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
4547| [CVE-2002-1984] Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
4548| [CVE-2002-1981] Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
4549| [CVE-2002-1933] The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window.
4550| [CVE-2002-1932] Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
4551| [CVE-2002-1876] Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
4552| [CVE-2002-1873] Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
4553| [CVE-2002-1872] Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
4554| [CVE-2002-1776] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed.
4555| [CVE-2002-1712] Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
4556| [CVE-2002-1256] The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
4557| [CVE-2002-1255] Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."
4558| [CVE-2002-1214] Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
4559| [CVE-2002-1184] The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
4560| [CVE-2002-1145] The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
4561| [CVE-2002-1141] An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
4562| [CVE-2002-1140] The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
4563| [CVE-2002-1138] Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
4564| [CVE-2002-1137] Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
4565| [CVE-2002-1123] Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
4566| [CVE-2002-1117] Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
4567| [CVE-2002-1056] Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
4568| [CVE-2002-0982] Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.
4569| [CVE-2002-0975] Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter.
4570| [CVE-2002-0863] Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
4571| [CVE-2002-0861] Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.
4572| [CVE-2002-0860] The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
4573| [CVE-2002-0859] Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
4574| [CVE-2002-0729] Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
4575| [CVE-2002-0727] The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
4576| [CVE-2002-0724] Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
4577| [CVE-2002-0721] Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
4578| [CVE-2002-0719] SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.
4579| [CVE-2002-0718] Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."
4580| [CVE-2002-0700] Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
4581| [CVE-2002-0699] Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.
4582| [CVE-2002-0695] Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
4583| [CVE-2002-0694] The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
4584| [CVE-2002-0693] Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
4585| [CVE-2002-0692] Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
4586| [CVE-2002-0650] The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.
4587| [CVE-2002-0649] Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
4588| [CVE-2002-0645] SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.
4589| [CVE-2002-0644] Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
4590| [CVE-2002-0643] The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."
4591| [CVE-2002-0642] The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
4592| [CVE-2002-0641] Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
4593| [CVE-2002-0624] Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
4594| [CVE-2002-0623] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".
4595| [CVE-2002-0622] The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
4596| [CVE-2002-0621] Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.
4597| [CVE-2002-0620] Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API.
4598| [CVE-2002-0619] The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
4599| [CVE-2002-0618] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
4600| [CVE-2002-0617] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
4601| [CVE-2002-0616] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
4602| [CVE-2002-0597] LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.
4603| [CVE-2002-0444] Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
4604| [CVE-2002-0443] Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
4605| [CVE-2002-0373] The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
4606| [CVE-2002-0371] Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
4607| [CVE-2002-0368] The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."
4608| [CVE-2002-0224] The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
4609| [CVE-2002-0187] Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
4610| [CVE-2002-0186] Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
4611| [CVE-2002-0154] Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
4612| [CVE-2002-0152] Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
4613| [CVE-2002-0055] SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
4614| [CVE-2002-0054] SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
4615| [CVE-2002-0050] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.
4616| [CVE-2002-0049] Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
4617| [CVE-2002-0034] The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
4618| [CVE-2002-0018] In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.
4619| [CVE-2001-1533] ** DISPUTED * Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE.
4620| [CVE-2001-1451] Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests.
4621| [CVE-2001-1319] Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
4622| [CVE-2001-1099] The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
4623| [CVE-2001-0986] SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
4624| [CVE-2001-0718] Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.
4625| [CVE-2001-0666] Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
4626| [CVE-2001-0658] Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.
4627| [CVE-2001-0628] Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
4628| [CVE-2001-0547] Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
4629| [CVE-2001-0546] Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.
4630| [CVE-2001-0542] Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
4631| [CVE-2001-0538] Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
4632| [CVE-2001-0509] Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
4633| [CVE-2001-0505] Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.
4634| [CVE-2001-0504] Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activites such as mail relaying.
4635| [CVE-2001-0501] Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.
4636| [CVE-2001-0351] Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
4637| [CVE-2001-0350] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
| [CVE-2001-0349] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
| [CVE-2001-0348] Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
| [CVE-2001-0347] Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
| [CVE-2001-0346] Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
| [CVE-2001-0345] Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
| [CVE-2001-0344] An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
| [CVE-2001-0340] An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
| [CVE-2001-0261] Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
| [CVE-2001-0245] Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
| [CVE-2001-0244] Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.
| [CVE-2001-0240] Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.
| [CVE-2001-0239] Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
| [CVE-2001-0237] Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
| [CVE-2001-0146] IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
| [CVE-2001-0048] The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability.
| [CVE-2001-0005] Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
| [CVE-2001-0003] Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
| [CVE-2000-1218] The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
| [CVE-2000-1217] Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability.
| [CVE-2000-1209] The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
| [CVE-2000-1139] The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
| [CVE-2000-1088] The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
| [CVE-2000-1087] The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
| [CVE-2000-1086] The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
| [CVE-2000-1085] The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
| [CVE-2000-1079] Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
| [CVE-2000-0942] The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
| [CVE-2000-0854] When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
| [CVE-2000-0771] Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
| [CVE-2000-0765] Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
| [CVE-2000-0756] Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
| [CVE-2000-0710] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
| [CVE-2000-0709] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
| [CVE-2000-0637] Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.
| [CVE-2000-0621] Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
| [CVE-2000-0597] Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
| [CVE-2000-0331] Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
| [CVE-2000-0277] Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.
| [CVE-2013-2557] The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
| [CVE-2013-2556] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
| [CVE-2013-2554] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787.
| [CVE-2013-2553] Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912.
| [CVE-2013-2552] Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
| [CVE-2013-2551] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
| [CVE-2013-1347] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
| [CVE-2013-1305] HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
| [CVE-2013-1290] Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
| [CVE-2013-1289] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
| [CVE-2013-1284] Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
| [CVE-2013-0096] Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."
| [CVE-2013-0086] Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
| [CVE-2013-0085] Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
| [CVE-2013-0084] Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."
| [CVE-2013-0083] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."
| [CVE-2013-0080] Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."
| [CVE-2013-0079] Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
| [CVE-2013-0005] The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
| [CVE-2012-4969] Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
| [CVE-2012-4792] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
| [CVE-2012-3456] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
| [CVE-2012-3455] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
| [CVE-2012-2290] The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel.
| [CVE-2012-2284] The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors.
| [CVE-2012-1945] Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.
| [CVE-2012-1894] Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability."
| [CVE-2012-1892] Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
| [CVE-2012-1891] Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
| [CVE-2012-1888] Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."
| [CVE-2012-1876] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
| [CVE-2012-1861] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
| [CVE-2012-1859] Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
| [CVE-2012-1857] Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."
| [CVE-2012-1849] Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."
| [CVE-2012-1545] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
| [CVE-2012-1436] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
| [CVE-2012-1435] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
| [CVE-2012-1434] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
| [CVE-2012-1433] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
| [CVE-2012-0447] Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.
| [CVE-2012-0147] Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."
| [CVE-2012-0146] Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."
| [CVE-2012-0145] Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
| [CVE-2012-0144] Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
| [CVE-2012-0138] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.
| [CVE-2012-0137] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138.
| [CVE-2012-0136] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138.
| [CVE-2012-0020] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
| [CVE-2012-0019] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
| [CVE-2012-0018] Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."
| [CVE-2012-0017] Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
| [CVE-2011-4695] Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
| [CVE-2011-2012] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."
| [CVE-2011-2010] The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."
| [CVE-2011-1969] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."
| [CVE-2011-1897] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."
| [CVE-2011-1896] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."
| [CVE-2011-1895] CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
| [CVE-2011-1891] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
| [CVE-2011-1890] Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
| [CVE-2011-1889] The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
| [CVE-2011-1417] Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
| [CVE-2011-1347] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
| [CVE-2011-1346] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
| [CVE-2011-1345] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
| [CVE-2011-1265] The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."
| [CVE-2011-0653] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
| [CVE-2011-0647] The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.
| [CVE-2011-0627] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
| [CVE-2011-0037] Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
| [CVE-2011-0027] Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
| [CVE-2011-0026] Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
4749| [CVE-2010-4643] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
4750| [CVE-2010-4253] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.
4751| [CVE-2010-4121] ** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only."
4752| [CVE-2010-3967] Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."
4753| [CVE-2010-3962] Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
4754| [CVE-2010-3936] Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."
4755| [CVE-2010-3889] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers.
4756| [CVE-2010-3888] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.
4757| [CVE-2010-3497] Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."
4758| [CVE-2010-3454] Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
4759| [CVE-2010-3453] The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
4760| [CVE-2010-3141] Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.
4761| [CVE-2010-2743] The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
4762| [CVE-2010-2734] Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability."
4763| [CVE-2010-2733] Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."
4764| [CVE-2010-2732] Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."
4765| [CVE-2010-2564] Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
4766| [CVE-2010-1184] The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2.
4767| [CVE-2010-1118] Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
4768| [CVE-2010-1117] Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
4769| [CVE-2010-0806] Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
4770| [CVE-2010-0716] _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
4771| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
4772| [CVE-2008-5750] Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
4773| [CVE-2008-5556] ** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
4774| [CVE-2008-5555] Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
4775| [CVE-2008-5554] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
4776| [CVE-2008-5553] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
4777| [CVE-2008-5552] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
4778| [CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
4779| [CVE-2008-5180] Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
4780| [CVE-2008-4211] Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
4781| [CVE-2007-5351] Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
4782| [CVE-2007-2729] Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
4783| [CVE-2007-1534] DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.
4784| [CVE-2007-0341] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
4785| [CVE-2006-5559] The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
4786| [CVE-2006-4686] Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
4787| [CVE-2006-4685] The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
4788| [CVE-2006-1359] Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
4789| [CVE-2006-0761] Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchangem, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device.
4790| [CVE-2006-0753] Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
4791| [CVE-2006-0544] urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash of hyphen) characters.
4792| [CVE-2006-0003] Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
4793| [CVE-2005-1929] Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.
4794| [CVE-2005-0852] Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.
4795| [CVE-2004-1322] Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages.
4796| [CVE-2003-1306] Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
4797| [CVE-2003-0903] Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
4798| [CVE-2003-0353] Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
4799| [CVE-2002-1918] Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
4800| [CVE-2002-1142] Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
4801| [CVE-2002-1015] RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
4802| [CVE-2002-0697] Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
4803| [CVE-2002-0057] XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
4804| [CVE-2001-1218] Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
4805| [CVE-2000-0563] The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
4806| [CVE-1999-1097] Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
4807|
4808| SecurityFocus - https://www.securityfocus.com/bid/:
4809| [83154] Microsoft Windows 2000 Server CVE-2004-0540 Remote Security Vulnerability
4810| [45297] Microsoft Exchange Server 2007 Infinite Loop Remote Denial of Service Vulnerability
4811| [43419] Microsoft Excel 2002 Memory Corruption Vulnerability
4812| [43189] Microsoft Visual C++ 2008 Redistributable Package DLL Loading Arbitrary Code Execution Vulnerability
4813| [42742] Microsoft PowerPoint 2007 Multiple DLL Loading Arbitrary Code Execution Vulnerability
4814| [42695] Microsoft Groove 2007 'mso.dll' DLL Loading Arbitrary Code Execution Vulnerability
4815| [42681] Microsoft Visio 2003 'mfc71enu.dll' DLL Loading Arbitrary Code Execution Vulnerability
4816| [41843] Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability
4817| [39776] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
4818| [37196] RETIRED: Microsoft December 2009 Advance Notification Multiple Vulnerabilities
4819| [36940] RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
4820| [36633] RETIRED: Microsoft October 2009 Advance Notification Multiple Vulnerabilities
4821| [36239] RETIRED: Microsoft September 2009 Advance Notification Multiple Vulnerabilities
4822| [35974] RETIRED: Microsoft August 2009 Advance Notification Multiple Vulnerabilities
4823| [35617] RETIRED: Microsoft July 2009 Advance Notification Multiple Vulnerabilities
4824| [35213] RETIRED: Microsoft June 2009 Advance Notification Multiple Vulnerabilities
4825| [34867] RETIRED: Microsoft May 2009 Advance Notification Multiple Vulnerabilities
4826| [34532] Microsoft IAG 2007 ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities
4827| [34469] Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
4828| [34450] RETIRED: Microsoft April 2009 Advance Notification Multiple Vulnerabilities
4829| [34005] RETIRED: Microsoft March 2009 Advance Notification Multiple Vulnerabilities
4830| [33639] RETIRED: Microsoft February 2009 Advance Notification Multiple Vulnerabilities
4831| [33170] RETIRED: Microsoft January 2009 Advance Notification Multiple Vulnerabilities
4832| [32632] RETIRED: Microsoft December 2008 Advance Notification Multiple Vulnerabilities
4833| [32153] Retired: Microsoft November 2008 Advance Notification Multiple Vulnerabilities
4834| [31667] Retired: Microsoft October 2008 Advance Notification Multiple Vulnerabilities
4835| [31129] RETIRED: Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
4836| [31014] RETIRED: Microsoft September 2008 Advance Notification Multiple Vulnerabilities
4837| [30593] RETIRED: Microsoft August 2008 Advance Notification Multiple Vulnerabilities
4838| [30075] RETIRED: Microsoft July 2008 Advance Notification Multiple Vulnerabilities
4839| [29576] RETIRED: Microsoft June 2008 Advance Notification Multiple Vulnerabilities
4840| [29108] RETIRED: Microsoft May 2008 Advance Notification Multiple Vulnerabilities
4841| [28598] RETIRED: Microsoft April 2008 Advance Notification Multiple Vulnerabilities
4842| [28124] Retired: Microsoft March 2008 Advance Notification Multiple Vulnerabilities
4843| [27674] RETIRED: Microsoft February 2008 Advance Notification Multiple Vulnerabilities
4844| [27119] RETIRED: Microsoft January 2008 Advance Notification Multiple Vulnerabilities
4845| [26739] RETIRED: Microsoft December 2007 Advance Notification Multiple Vulnerabilities
4846| [26414] Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerabilities
4847| [26380] Retired: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
4848| [25991] RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
4849| [25922] RETIRED: Microsoft October 2007 Advance Notification Multiple Vulnerabilities
4850| [25573] RETIRED: Microsoft September 2007 Advance Notification Multiple Vulnerabilities
4851| [25247] Retired: Microsoft August 2007 Advance Notification Multiple Vulnerabilities
4852| [24771] Retired: Microsoft July 2007 Advance Notification Multiple Vulnerabilities
4853| [24366] RETIRED: Microsoft June 2007 Advance Notification Multiple Vulnerabilities
4854| [24118] Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
4855| [23800] RETIRED: Microsoft May 2007 Advance Notification Multiple Vulnerabilities
4856| [23380] Microsoft Word 2007 WWLib.DLL Unspecified Document File Buffer Overflow Vulnerability
4857| [23335] RETIRED: Microsoft April 2007 Advance Notification Multiple Vulnerabilities
4858| [22716] Microsoft Office 2003 Denial of Service Vulnerability
4859| [22567] Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability
4860| [22328] RETIRED: Microsoft Word 2003 Unspecified Code Execution Vulnerability
4861| [22225] Microsoft Word 2000 Malformed Function Code Execution Vulnerability
4862| [21611] Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
4863| [21495] Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability
4864| [20843] Microsoft Visual Studio 2005 WMI Object Broker Remote Code Execution Vulnerability
4865| [19636] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
4866| [19388] Microsoft Windows 2000 Kernel Local Privilege Escalation Vulnerability
4867| [17134] Microsoft Commerce Server 2002 Authentication Bypass Vulnerability
4868| [16634] Microsoft PowerPoint 2000 Remote Information Disclosure Vulnerability
4869| [14772] Microsoft Exchange Server 2003 Exchange Information Store Denial Of Service Vulnerability
4870| [14093] Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
4871| [13564] Microsoft SQL Server 2000 Multiple Vulnerabilities
4872| [13008] Microsoft Windows Server 2003 SMB Redirector Local Denial Of Service Vulnerability
4873| [12972] Microsoft Windows Server 2003 Service Pack 1 Released - Multiple Vulnerabilities Fixed
4874| [12913] Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy Bypass Vulnerability
4875| [12824] Microsoft InfoPath 2003 Insecure Information Storage Vulnerability
4876| [12641] Microsoft Windows 2000 Group Policy Bypass Vulnerability
4877| [12141] Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
4878| [11820] Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities
4879| [11446] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
4880| [11387] Microsoft Windows 2003 Services Default SACL Access Right Weakness
4881| [10901] Microsoft Windows 2000/XP CRL File Failed Integrity Check Denial Of Service Vulnerability
4882| [10693] Microsoft Windows 2000 Media Player Control Media Preview Script Execution Vulnerability
4883| [10484] Microsoft ISA Server 2000 FTP Bounce Filtering Vulnerability
4884| [10480] Microsoft ISA Server 2000 Site And Content Rule Bypass Vulnerability
4885| [10440] Microsoft Windows 2000 Domain Expired Account Security Policy Violation Weakness
4886| [10369] Microsoft Outlook 2003 Media File Script Execution Vulnerability
4887| [10307] Microsoft Outlook 2003 Predictable File Location Weakness
4888| [10114] Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
4889| [9409] Microsoft Exchange Server 2003 Outlook Web Access Random Mailbox Access Vulnerability
4890| [9408] Microsoft ISA Server 2000 H.323 Filter Remote Buffer Overflow Vulnerability
4891| [9118] Microsoft Exchange Server 2003 Outlook Web Access Lowered Security Settings Weakness
4892| [8833] Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer Overflow Vulnerability
4893| [8522] Multiple Microsoft Windows 2003 Stack Protection Implementation Weaknesses
4894| [8397] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
4895| [8104] Microsoft Windows 2000 Unauthorized RPC Connection Weakness
4896| [8098] Microsoft Windows 2000 Terminal Services Named Pipe System Account Access Vulnerability
4897| [8093] Microsoft Windows 2000 Active Directory Forest Origin Validation Vulnerability
4898| [8090] Microsoft Windows 2000 ShellExecute() Buffer Overflow Vulnerability
4899| [8089] Microsoft Windows 2000 Unspecified Cryptnet.DLL Memory Leakage Vulnerability
4900| [8086] Microsoft Windows 2000 Port Name Buffers Potential Buffer Overflow Vulnerability
4901| [8085] Microsoft Windows 2000 ModifyDN Request Denial of Service Vulnerability
4902| [8083] Microsoft Windows 2000 Domain Controller Spoofing Vulnerability
4903| [8081] Microsoft Windows 2000 USBH_IoctlGetNodeConnectionDriverKeyName Information Disclosure Vulnerability
4904| [8063] Microsoft Commerce Server 2002 Weak Registry Key Permissions Weakness
4905| [8045] Microsoft Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
4906| [7930] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
4907| [7788] Microsoft Windows 2000/XP/2003 IPV6 ICMP Flood Denial Of Service Vulnerability
4908| [7469] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
4909| [7360] Microsoft Windows 2000/XP Registry Editor Custom Permissions Weakness
4910| [7102] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
4911| [6769] Microsoft Windows 2000 RPC Service Privilege Escalation Vulnerability
4912| [6766] Microsoft Windows 2000 NetBIOS Continuation Packets Kernel Memory Leak Vulnerability
4913| [6667] Microsoft Outlook 2002 V1 Exchange Server Security Certificate Information Leakage Vulnerability
4914| [6319] Microsoft Outlook 2002 Email Header Processing Denial of Service Vulnerability
4915| [6030] Microsoft Windows 2000 SNMP Printer Query Denial of Service Vulnerability
4916| [5972] Microsoft Windows 2000/XP Full Event Log Administrative Alert Weakness
4917| [5922] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
4918| [5480] Microsoft Windows 2000 Network Connection Manager Privilege Elevation Vulnerability
4919| [5422] Microsoft Content Management Server 2001 SQL Injection Vulnerability
4920| [5421] Microsoft Content Management Server 2001 Arbitrary Upload Location Vulnerability
4921| [5420] Microsoft Content Management Server 2001 User Authentication Buffer Overflow Vulnerability
4922| [5415] Microsoft Windows 2000 Insecure Default File Permissions Vulnerability
4923| [5413] Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability
4924| [5412] Microsoft Exchange 2000 Multiple MSRPC Denial Of Service Vulnerabilities
4925| [5312] Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
4926| [5311] Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
4927| [5310] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
4928| [5309] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
4929| [5307] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
4930| [5253] Microsoft Windows 2000 Narrator Password Disclosure Vulnerability
4931| [5205] Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
4932| [5111] Microsoft Commerce Server 2000 OWC Package Installer Local Command Execution Vulnerability
4933| [5014] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
4934| [4881] Microsoft Exchange 2000 Malformed Mail Attribute DoS Vulnerability
4935| [4853] Microsoft Commerce Server 2000 Profile Service Buffer Overflow Vulnerability
4936| [4852] Microsoft Windows 2000 Remote Access Service Buffer Overflow Vulnerability
4937| [4847] Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
4938| [4797] Microsoft MSDE/SQL Server 2000 Desktop Engine Default Configuration Vulnerability
4939| [4683] Microsoft Windows 2000 / NT Path Precedence Vulnerability
4940| [4532] Microsoft Windows 2000 Lanman Denial of Service Vulnerability
4941| [4438] Microsoft Windows 2000 Group Policy Evasion Vulnerability
4942| [4426] Microsoft Windows 2000 / NT / XP MUP UNC Request Buffer Overflow Vulnerability
4943| [4287] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
4944| [4256] Microsoft Windows 2000 Password Policy Bypass Vulnerability
4945| [4157] Microsoft Commerce Server 2000 ISAPI Buffer Overflow Vulnerability
4946| [4095] Microsoft Windows 2000 Server Terminal Services Failure To Lock Terminal Vulnerability
4947| [3652] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability
4948| [3481] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
4949| [3479] Microsoft Windows 2000 NTFS With Macintosh Client Directory Permission Vulnerability
4950| [3445] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
4951| [3339] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
4952| [3305] Norton AntiVirus for Microsoft Exchange 2000 Information Disclosure Vulnerability
4953| [3291] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
4954| [3215] Microsoft Windows 2000 IrDA Buffer Overflow Denial of Service Vulnerability
4955| [3185] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
4956| [3184] Microsoft Windows 2000 RunAs User Credentials Exposure Vulnerability
4957| [3146] Microsoft Windows 2000 System File Replacement Vulnerability
4958| [3115] Microsoft Windows NT and 2000 Command Prompt Reboot Vulnerability
4959| [3063] Microsoft Windows 2000 Unauthorized Password Change Vulnerability
4960| [3033] Microsoft Windows 2000 Task Manager Process Termination Vulnerability
4961| [2988] Microsoft Windows 2000 SMTP Improper Authentication Vulnerability
4962| [2929] Microsoft Windows 2000 LDAP SSL Password Modification Vulnerability
4963| [2849] Microsoft Windows 2000 Telnet Privilege Escalation Vulnerability
4964| [2846] Microsoft Windows 2000 Telnet System Call DoS Vulnerability
4965| [2844] Microsoft Windows 2000 Telnet Service DoS Vulnerability
4966| [2843] Microsoft Windows 2000 Telnet Multiple Sessions DoS Vulnerability
4967| [2838] Microsoft Windows 2000 Telnet Username DoS Vulnerability
4968| [2460] Microsoft Windows 2000 Event Viewer Buffer Overflow Vulnerability
4969| [2441] Microsoft Exchange 2000 / IIS 5.0 Multiple Invalid URL Request DoS Vulnerability
4970| [2394] Microsoft Windows 2000 Domain Controller DoS Vulnerability
4971| [2341] Microsoft Windows 2000 Network DDE Escalated Privileges Vulnerability
4972| [2326] Microsoft Windows 2000 RDP DoS Vulnerability
4973| [2133] Microsoft Windows 2000 Directory Services Restore Mode Blank Password Vulnerability
4974| [2066] Microsoft Windows NT 4.0 / 2000 SNMP Registry Key Modification Vulnerability
4975| [2018] Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability
4976| [2007] Microsoft Windows 2000 DNS Memory Leak Vulnerability
4977| [1973] Microsoft Windows 2000 Domain Account Lockout Bypass Vulnerability
4978| [1958] Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
4979| [1933] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
4980| [1899] Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability
4981| [1811] Microsoft Site Server 2.0 with IIS 4.0 Malicious File Upload Vulnerability
4982| [1758] Microsoft Windows 2000 Unattended Install OEMPreinstall Vulnerability
4983| [1753] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
4984| [1748] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
4985| [1745] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
4986| [1729] Microsoft Windows 2000 Simplified Chinese IME Vulnerability
4987| [1695] Microsoft Proxy 2.0 FTP Permissions Bypass Vulnerability
4988| [1692] Microsoft Proxy 2.0 Internal Network Access Vulnerability
4989| [1683] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
4990| [1673] Microsoft Windows 2000 Malformed RPC Packet DoS Vulnerability
4991| [1651] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
4992| [1632] Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
4993| [1620] Microsoft Windows 9x / NT 4.0 / 2000 NetBIOS Cache Corruption Vulnerability
4994| [1613] Microsoft Windows 2000 Local Security Policy Corruption Vulnerability
4995| [1566] Microsoft Word 97 / 2000 Mail Merge Code Execution Vulnerability
4996| [1561] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow Vulnerability
4997| [1535] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
4998| [1507] Microsoft Windows NT 4.0 / 2000 Unspecified Executable Path Vulnerability
4999| [1451] Microsoft Excel 97 / 2000 Register.ID Vulnerability
5000| [1435] Microsoft FrontPage 2000 Server Extensions Denial Of Service Vulnerability
5001| [1415] Microsoft Windows 2000 Remote CPU-overload Vulnerability
5002| [1414] Microsoft Windows 2000 Telnet Server DoS Vulnerability
5003| [1399] Microsoft Internet Explorer 5.01 and Excel/Powerpoint 2000 ActiveX Object Execution Vulnerability
5004| [1398] Microsoft Internet Explorer 5.01 and Access 2000 / 97 VBA Code Execution Vulnerability
5005| [1350] Microsoft Windows 2000 Windows Station Access Vulnerability
5006| [1304] Microsoft Windows NT 4.0 / 2000 SMB Write Request DoS Vulnerability
5007| [1301] Microsoft Windows NT 4.0 / 2000 Ignored SMB Response DoS Vulnerability
5008| [1295] Microsoft Windows 2000 Default 40-bit Encrypted Protected Store Vulnerability
5009| [1198] Microsoft Windows 2000 Default SYSKEY Configuration Vulnerability
5010| [1197] Microsoft Office 2000 UA Control Vulnerability
5011| [990] Microsoft Windows 2000 Install Unprotected ADMIN$ Share Vulnerability
5012| [945] Microsoft SMS 2.0 Default Permissions Vulnerability
5013| [539] Microsoft Windows 2000 EFS Vulnerability
5014| [180] Microsoft Windows April Fools 2001 Vulnerability
5015| [71487] Microsoft December 2014 Advance Notification Multiple Vulnerabilities
5016| [70966] RETIRED: Microsoft November 2014 Advance Notification Multiple Vulnerabilities
5017| [70367] RETIRED: Microsoft October 2014 Advance Notification Multiple Vulnerabilities
5018| [69636] RETIRED: Microsoft September 2014 Advance Notification Multiple Vulnerabilities
5019| [69108] Microsoft August 2014 Advance Notification Multiple Vulnerabilities
5020| [68367] Microsoft July 2014 Advance Notification Multiple Vulnerabilities
5021| [67905] Microsoft June 2014 Advance Notification Multiple Vulnerabilities
5022| [67298] Microsoft May 2014 Advance Notification Multiple Vulnerabilities
5023| [66639] RETIRED: Microsoft April 2014 Advance Notification Multiple Vulnerabilities
5024| [66016] Microsoft March 2014 Notification Multiple Vulnerabilities
5025| [65426] Microsoft February 2014 Notification Multiple Vulnerabilities
5026| [64757] RETIRED: Microsoft January 2014 Advance Notification Multiple Vulnerabilities
5027| [64083] RETIRED: Microsoft December 2013 Advance Notification Multiple Vulnerabilities
5028| [63604] RETIRED: Microsoft November 2013 Advance Notification Multiple Vulnerabilities
5029| [62797] RETIRED: Microsoft October 2013 Advance Notification Multiple Vulnerabilities
5030| [62228] RETIRED: Microsoft September 2013 Advance Notification Multiple Vulnerabilities
5031| [62181] Microsoft Office Pinyin IME 2010 CVE-2013-3859 Local Privilege Escalation Vulnerability
5032| [61686] Microsoft August 2013 Advance Notification Multiple Vulnerabilities
5033| [60960] RETIRED: Microsoft July 2013 Advance Notification Multiple Vulnerabilities
5034| [60394] Microsoft June 2013 Advance Notification Multiple Vulnerabilities
5035| [59785] RETIRED: Microsoft May 2013 Advance Notification Multiple Vulnerabilities
5036| [58881] RETIRED: Microsoft April 2013 Advance Notification Multiple Vulnerabilities
5037| [58380] RETIRED: Microsoft March 2013 Advance Notification Multiple Vulnerabilities
5038| [57846] RETIRED: Microsoft February 2013 Advance Notification Multiple Vulnerabilities
5039| [57137] RETIRED: Microsoft January 2013 Advance Notification Multiple Vulnerabilities
5040| [56838] RETIRED: Microsoft December 2012 Advance Notification Multiple Vulnerabilities
5041| [56450] RETIRED: Microsoft November 2012 Advance Notification Multiple Vulnerabilities
5042| [56304] Microsoft Office Excel 2010 Memory Corruption Denial of Service Vulnerability
5043| [55794] RETIRED: Microsoft October 2012 Advance Notification Multiple Vulnerabilities
5044| [55472] RETIRED: Microsoft September 2012 Advance Notification Multiple Vulnerabilities
5045| [54944] RETIRED: Microsoft August 2012 Advance Notification Multiple Vulnerabilities
5046| [54318] RETIRED: Microsoft July 2012 Advance Notification Multiple Vulnerabilities
5047| [53862] RETIRED: Microsoft June 2012 Advance Notification Multiple Vulnerabilities
5048| [53372] RETIRED: Microsoft May 2012 Advance Notification Multiple Vulnerabilities
5049| [52910] RETIRED: Microsoft April 2012 Advance Notification Multiple Vulnerabilities
5050| [52366] RETIRED: Microsoft March 2012 Advance Notification Multiple Vulnerabilities
5051| [51944] RETIRED: Microsoft February 2012 Advance Notification Multiple Vulnerabilities
5052| [51289] RETIRED: Microsoft January 2012 Advance Notification Multiple Vulnerabilities
5053| [50980] RETIRED: Microsoft December 2011 Advance Notification Multiple Vulnerabilities
5054| [50513] RETIRED: Microsoft November 2011 Advance Notification Multiple Vulnerabilities
5055| [49994] RETIRED: Microsoft October 2011 Advance Notification Multiple Vulnerabilities
5056| [49515] RETIRED: Microsoft September 2011 Advance Notification Multiple Vulnerabilities
5057| [49017] RETIRED: Microsoft August 2011 Advance Notification Multiple Vulnerabilities
5058| [48616] RETIRED: Microsoft July 2011 Advance Notification Multiple Vulnerabilities
5059| [48235] Microsoft Lync Server 2010 'ReachJoin.aspx' Remote Command Injection Vulnerability
5060| [48193] RETIRED: Microsoft June 2011 Advance Notification Multiple Vulnerabilities
5061| [47725] RETIRED: Microsoft May 2011 Advance Notification Multiple Vulnerabilities
5062| [47255] RETIRED: Microsoft April 2011 Advance Notification Multiple Vulnerabilities
5063| [46675] RETIRED: Microsoft March 2011 Advance Notification Multiple Vulnerabilities
5064| [46132] RETIRED: Microsoft February 2011 Advance Notification Multiple Vulnerabilities
5065| [45696] RETIRED: Microsoft January 2011 Advance Notification Multiple Vulnerabilities
5066| [45307] RETIRED: Microsoft December 2010 Advance Notification Multiple Vulnerabilities
5067| [44649] RETIRED: Microsoft November 2010 Advance Notification Multiple Vulnerabilities
5068| [43831] RETIRED: Microsoft October 2010 Advance Notification Multiple Vulnerabilities
5069| [43115] RETIRED: Microsoft September 2010 Advance Notification Multiple Vulnerabilities
5070| [42234] RETIRED: Microsoft August 2010 Advance Notification Multiple Vulnerabilities
5071| [41474] RETIRED: Microsoft July 2010 Advance Notification Multiple Vulnerabilities
5072| [40548] RETIRED: Microsoft June 2010 Advance Notification Multiple Vulnerabilities
5073| [39961] RETIRED: Microsoft May 2010 Advance Notification Multiple Vulnerabilities
5074| [39313] RETIRED: Microsoft April 2010 Advance Notification Multiple Vulnerabilities
5075| [38540] RETIRED: Microsoft March 2010 Advance Notification Multiple Vulnerabilities
5076| [38096] RETIRED: Microsoft February 2010 Advance Notification Multiple Vulnerabilities
5077| [37887] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
5078| [37664] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
5079| [32642] Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
5080|
5081| IBM X-Force - https://exchange.xforce.ibmcloud.com:
5082| [82417] Microsoft Windows Knowledge Base Article 2801261 update is not installed
5083| [82415] Microsoft Windows Knowledge Base Article 2807986 update is not installed
5084| [82410] Microsoft Windows Knowledge Base Article 2809289 update is not installed
5085| [81859] Microsoft Windows Knowledge Base Article 2802968 update is not installed
5086| [81857] Microsoft Windows Knowledge Base Article 2809279 update is not installed
5087| [81668] Microsoft Windows Knowledge Base Article 2800277 update is not installed
5088| [77323] Microsoft Windows Knowledge Base Article 2706045 update is not installed
5089| [75949] Microsoft Windows Knowledge Base Article 2707960 update is not installed
5090| [75942] Microsoft Windows Knowledge Base Article 2706726 update is not installed
5091| [75934] Microsoft Windows Knowledge Base Article 2709162 update is not installed
5092| [75926] Microsoft Windows Knowledge Base Article 2709100 update is not installed
5093| [75905] Microsoft Windows Knowledge Base Article 2707956 update is not installed
5094| [71991] Microsoft Windows Knowledge Base Article 2607664 update is not installed
5095| [71542] Microsoft Windows Knowledge Base Article 2607702 update is not installed
5096| [70945] Microsoft Windows Knowledge Base Article 2603381 update is not installed
5097| [70150] Microsoft Windows Knowledge Base Article 2607670 update is not installed
5098| [67755] Microsoft Windows Knowledge Base Article 2503665 update is not installed
5099| [67749] Microsoft Windows Knowledge Base Article 2507938 update is not installed
5100| [66845] Microsoft Windows Knowledge Base Article 2506014 update is not installed
5101| [66844] Microsoft Windows Knowledge Base Article 2501584 update is not installed
5102| [66448] Microsoft Windows Knowledge Base Article 2508272 update is not installed
5103| [66442] Microsoft Windows Knowledge Base Article 2509553 update is not installed
5104| [66440] Microsoft Windows Knowledge Base Article 2508429 update is not installed
5105| [66438] Microsoft Windows Knowledge Base Article 2507618 update is not installed
5106| [66430] Microsoft Windows Knowledge Base Article 2503658 update is not installed
5107| [66425] Microsoft Windows Knowledge Base Article 2506223 update is not installed
5108| [65570] Microsoft Windows Knowledge Base Article 2500212 update is not installed
5109| [65568] Microsoft Windows Knowledge Base Article 2508062 update is not installed
5110| [63840] Microsoft Visual C++ 2008 Redistributable Package dynamic-linked library (DLL) code execution
5111| [63780] Microsoft PowerPoint 2007 dynamic-linked library (rpawinet.dll) code execution
5112| [63775] Microsoft Visio 2003 dynamic-linked library (mfc71enu.dll) code execution
5113| [63586] Microsoft Windows Knowledge Base Article 2207559 update is not installed
5114| [63573] Microsoft Windows Knowledge Base Article 2407132 update is not installed
5115| [62797] Microsoft Windows Knowledge Base Article 2305420 update is not installed
5116| [62149] Microsoft Windows Knowledge Base Article 2207566 update is not installed
5117| [62133] Microsoft Windows Knowledge Base Article 2405882 update is not installed
5118| [53980] Microsoft Windows 2000 License Logging Server buffer overflow
5119| [53601] Microsoft Office 2008 for Mac user ID 502 security bypass
5120| [50973] Microsoft Windows Server 2003 and Vista win32k.sys denial of service
5121| [50759] Microsoft Windows 2000 Active Directory LDAP code execution
5122| [48595] Microsoft Word 2007 Email as PDF information disclosure
5123| [46102] Microsoft Windows 2003 SP2 is not installed on the system
5124| [46101] Microsoft Windows 2003 SP1 is not installed on the system
5125| [45186] Microsoft SQL Server 2000 SQLVDIRLib.SQLVDirControl ActiveX control buffer overflow
5126| [37200] Microsoft SQL Server 2000 Service Pack 1 update is not installed
5127| [37198] Microsoft SQL Server 2000 Service Pack 3 update is not installed
5128| [34634] Microsoft Windows Server 2003 Active Directory information disclosure
5129| [34599] Microsoft Windows Server 2003 terminal server security bypass
5130| [34473] Microsoft Office 2000 ActiveX control buffer overflow
5131| [33713] Microsoft Word 2007 multiple unspecified denial of service
5132| [33712] Microsoft Word 2007 wwlib.dll buffer overflow
5133| [32631] Microsoft SQL Server 2000 Service Pack 2 update is not installed
5134| [31821] Microsoft Windows time zone update for year 2007
5135| [31196] Microsoft Office 2003 Brazilian Grammar Checker buffer overflow
5136| [30905] Microsoft Project Server 2003 pdsrequest.asp information disclosure
5137| [29546] Microsoft Windows 2000/2003 user logoff initiated
5138| [29545] Microsoft Windows 2000/2003 system time changed
5139| [29544] Microsoft Windows 2000/2003 system security access removed
5140| [29543] Microsoft Windows 2000/2003 security access granted
5141| [29542] Microsoft Windows 2000/2003 SAM notification package loaded
5142| [29541] Microsoft Windows 2000/2003 primary security token issued
5143| [29540] Microsoft Windows 2000/2003 user password reset successful
5144| [29539] Microsoft Windows 2000/2003 object indirectly accessed
5145| [29538] Microsoft Windows 2000/2003 object handle duplicated
5146| [29537] Microsoft Windows 2000/2003 logon with explicit credentials success
5147| [29536] Microsoft Windows 2000/2003 logon attempt using explicit credentials unsuccessful
5148| [29535] Microsoft Windows 2000/2003 IPSEC policy agent failed
5149| [29534] Microsoft Windows 2000/2003 IPSEC policy agent disabled
5150| [29533] Microsoft Windows 2000/2003 IPSEC policy agent changed
5151| [29532] Microsoft Windows 2000/2003 IKE security association established
5152| [29531] Microsoft Windows 2000/2003 IKE quick mode association ended
5153| [29530] Microsoft Windows 2000/2003 IKE main mode association ended
5154| [29529] Microsoft Windows 2000/2003 IKE association negotiation failed
5155| [29528] Microsoft Windows 2000/2003 IKE association peer authentication failed
5156| [29527] Microsoft Windows 2000/2003 IKE association failed invalid proposal
5157| [29526] Microsoft Windows 2000/2003 IKE association failed authentication parameters
5158| [29525] Microsoft Windows 2000/2003 DPAPI master key backup attempted
5159| [29524] Microsoft Windows 2000/2003 DPAPI key recovery attempted
5160| [29523] Microsoft Windows 2000/2003 DPAPI auditable data unprotected
5161| [29522] Microsoft Windows 2000/2003 administrative group security descriptor set
5162| [29521] Microsoft Windows 2000/2003 account name changed
5163| [29507] Microsoft Office 2003 unspecified PowerPoint NULL pointer dereference denial of service
5164| [28512] Microsoft Internet Explorer multiple Windows 2000 COM object denial of service
5165| [28005] Microsoft Windows 2000 Management Console (MMC) resource file cross-site scripting
5166| [26118] Microsoft Office 2003 mailto: information disclosure
5167| [25330] Microsoft Commerce Server 2002 authfiles/login.asp authentication bypass
5168| [24474] Microsoft Windows 2000 LDAP client accepts untrusted CA
5169| [24473] Microsoft Windows 2000 event ID 565 not logged
5170| [24472] Microsoft Windows 2000 Event ID 1704 records incorrect group policy settings
5171| [24407] Microsoft Windows 2000 SECEDIT command fails to set ACLs correctly
5172| [24405] Microsoft Windows 2000 UPN credentials with trailing dot group policy bypass
5173| [24403] Microsoft Windows 2000 WideCharToMultiByte() incorrect Japanese character conversion
5174| [24402] Microsoft Windows 2000 Terminal Service client IP not logged
5175| [24400] Microsoft Windows 2000 domain authentication can be bypassed by a local administrator
5176| [23066] Microsoft Windows XP and 2000 Server MSRPC memory allocation denial of service
5177| [22318] Microsoft SQL Server 2000 Service Pack 4 update is not installed
5178| [22183] Microsoft Exchange Server 2003 public folder denial of service
5179| [21345] Microsoft Windows 2000 Update Rollup 1 for Service Pack 4 has not been installed
5180| [21315] Microsoft Outlook 2002 connector for Domino bypass restrictions
5181| [19969] Multiple Microsoft Windows Server 2003 Edition printer driver denial of service
5182| [19965] Multiple Microsoft Windows Server 2003 Editions SMB redirector denial of service
5183| [19727] Microsoft Windows 2000 GDI32.DLL denial of service
5184| [19629] Microsoft Exchange Server 2003 folder denial of service
5185| [17826] Microsoft Outlook 2003 CID security bypass
5186| [17624] Microsoft Windows XP and Windows Server 2003 Compressed Folders buffer overflow
5187| [17621] Microsoft Windows 2003 SMTP service code execution
5188| [17560] Microsoft Windows 2000 and XP GDI library denial of service
5189| [17521] Microsoft Windows 2000 Service Pack 4 is not installed
5190| [16913] Microsoft Windows 2003 users with Synchronize directory service data privilege
5191| [16912] Microsoft Windows 2003 groups with Synchronize directory service data privilege
5192| [16909] Microsoft Windows 2003 groups with Remove computer from docking station privilege
5193| [16907] Microsoft Windows 2003 users with Create global objects privilege
5194| [16905] Microsoft Windows 2003 users or groups with Create global objects privilege
5195| [16851] Microsoft Windows 2003 and XP WinKey and U key denial of service
5196| [16704] Microsoft Windows 2000 Media Player control code execution
5197| [16582] Microsoft Windows Server 2003 kernel CPU denial of service
5198| [16572] Microsoft Windows 2003 Users with Impersonate a client after authentication privilege
5199| [16570] Microsoft Windows 2003 Users with Create global objects privilege
5200| [16564] Microsoft Windows 2003 Groups with Create global objects privilege
5201| [16562] Microsoft Windows 2003 Groups with "
5202| [16522] Microsoft Windows 2003 Impersonate a client after authentication privilege
5203| [16521] Microsoft Windows 2003 Deny Logon Through Terminal Services privilege
5204| [16520] Microsoft Windows 2003 Create global objects privilege
5205| [16276] Microsoft Windows 2000 Advanced Server fully qualified domain name security bypass
5206| [16173] Microsoft Outlook 2003 OLE object bypass restricted security zone
5207| [16119] Microsoft Outlook 2000 URL spoofing
5208| [16104] Microsoft Outlook 2003 predictable file location could allow code execution
5209| [16095] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
5210| [15704] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
5211| [15700] Microsoft Windows 2000 Domain Controller LSASS LDAP message denial of service
5212| [15632] Microsoft Windows 2000 Utility Manger allows privilege escalation
5213| [15414] Microsoft Outlook 2002 mailto URL allows execution of code
5214| [15263] Microsoft Windows XP and 2000 Server kernel allows elevated privileges
5215| [15057] Microsoft Windows XP and Windows Server 2003 smbmount Linux client denial of service
5216| [15038] Microsoft Windows 2000 Server Windows Media Services denial of service
5217| [15037] Microsoft Windows Server 2003 WINS /GS flag denial of service
5218| [14178] Microsoft ISA Exchange Server 2003 MS04-002 patch is not installed
5219| [14167] Microsoft ISA Server 2000 H.323 filter buffer overflow
5220| [13426] Microsoft Windows 2000 and XP RPC race condition
5221| [13423] Microsoft Windows 2000 Local Troubleshooter ActiveX control buffer overflow
5222| [13407] Microsoft Windows 2000 Server mqsvc.exe MQLocateBegin packet buffer overflow
5223| [13385] Microsoft Windows Server 2003 "
5224| [13211] Microsoft Windows 2000 and XP URG memory leak
5225| [13171] Microsoft Windows Server 2003 can allow attacker to bypass mechanism used to detect buffer overflows
5226| [13131] Microsoft Windows 2000 Message Queue Manager buffer overflow
5227| [12684] Microsoft Exchange Server OWA Outlook 2003 denial of service
5228| [12652] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension POST request buffer overflow
5229| [12620] Microsoft Windows 2000 Server SMTP FILETIME denial of service
5230| [12543] Microsoft Windows 2000 Accessibility Utility Manager could allow an attacker to gain privileges
5231| [12493] Microsoft Windows Shell32.dll 2000 ShellExecute function buffer overflow
5232| [12489] Microsoft Windows 2000 Server Active Directory buffer overflow
5233| [12128] Microsoft Windows 2000 and Windows NT MS03-019 patch is not installed
5234| [12092] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension buffer overflow
5235| [12048] Microsoft Windows 2000 and Windows Server 2003 LAN Manager hash creation enabled
5236| [11901] Microsoft BizTalk Server 2002 SQL injection
5237| [11900] Microsoft BizTalk Server 2002 HTTP Receiver function buffer overflow
5238| [11816] Microsoft Windows 2000 Terminal Services MSGINA.DLL insecure access permissions
5239| [11696] Microsoft Windows 2000 Terminal Services man-in-the-middle attack
5240| [11617] Microsoft Windows 2000 MS03-007 patch is not installed on the system
5241| [11546] Microsoft Windows 2000 Windows Help Facility .cnt file buffer overflow
5242| [11329] Microsoft Windows NT and 2000 cmd.exe CD path name buffer overflow
5243| [11274] Microsoft Windows 2000 NetBIOS continuation packets denial of service
5244| [11273] Microsoft Windows 2000 RPC service could allow an attacker to gain elevated privileges
5245| [11216] Microsoft Windows NT and 2000 command prompt denial of service
5246| [11141] Microsoft Windows 2000 Terminal Services MSGINA.DLL denial of service
5247| [11133] Microsoft Outlook 2002 using V1 Exchange Server Security certificates transmits plaintext emails
5248| [10843] Microsoft Windows 2000 and XP SMB signing group policy modification
5249| [10431] Microsoft Windows 2000 SNMP LANMAN Extension memory leak denial of service
5250| [10400] Microsoft Windows 2000 RPC TCP port 135 denial of service
5251| [10377] Microsoft Windows XP and 2000 administrative alerts fail when security event log is full
5252| [10199] Microsoft Windows 2000/XP PPTP packet buffer overflow
5253| [10195] Microsoft FrontPage Server Extensions (FPSE) 2002 SmartHTML Interpreter buffer overflow
5254| [10194] Microsoft FrontPage Server Extensions (FPSE) 2000 SmartHTML Interpreter denial of service
5255| [9946] Microsoft Windows 2000 Terminal Services session screensaver fails to lock the console
5256| [9856] Microsoft Windows 2000 NCM handler routine could allow elevated privileges
5257| [9779] Microsoft Windows 2000 weak system partition permissions
5258| [9752] Microsoft Windows 2000 Service Pack 3 is not installed
5259| [9746] Microsoft Windows 2000 HTML Help item parameter buffer overflow
5260| [9625] Microsoft Windows 2000 Narrator allows login information to be audible
5261| [9154] Microsoft Data Engine (MSDE) and Microsoft SQL Server 2000 Desktop Engine have a default blank "
5262| [8867] Microsoft Windows 2000 LanMan denial of service
5263| [8813] Microsoft Windows 2000 Terminal Services allows attacker to bypass group policy settings
5264| [8759] Microsoft Windows 2000 could allow an attacker to block the application of Group Policy settings
5265| [8752] Microsoft Windows NT, 2000, and XP MUP buffer overflow
5266| [8739] Microsoft Windows 2000 DCOM memory leak
5267| [8708] Microsoft Outlook 2000 and 2002 executes embedded script in object tag when replying or forwarding HTML mail
5268| [8402] Microsoft Windows 2000 allows an attacker to bypass password policy
5269| [8307] Microsoft Windows 2000, Windows XP, and Exchange 2000 SMTP data transfer command denial of service
5270| [8304] Microsoft Windows 2000 and Exchange 5.5 SMTP service unauthorized mail privileges
5271| [8254] Microsoft Commerce Server 2000 AuthFilter ISAPI filter buffer overflow
5272| [8199] Microsoft Windows 2000 Terminal Services unlocked client
5273| [8094] Microsoft Windows 2000 and Interix 2.2 Telnet protocol option buffer overflow
5274| [8092] Microsoft Exchange 2000 System Attendant sets incorrect registry permissions
5275| [8043] Microsoft Windows NT, 2000, and XP using NTFS could allow files to be hidden
5276| [8037] Microsoft Windows 2000 empty TCP packet denial of service
5277| [8023] Microsoft Windows NT and Windows 2000 SIDs could allow an attacker to gain elevated privileges in another domain
5278| [7919] Microsoft IIS 4.0 and Norton Internet Security 2001 default permissions could allow an attacker to modify log files
5279| [7667] Microsoft Windows 2000 IKE UDP packet flood denial of service
5280| [7566] Microsoft IIS 2.0 and 3.0 upgraded to Microsoft IIS 4.0 fails to remove the ism.dll file
5281| [7538] Microsoft Windows 2000 and XP Terminal services allow an attacker to spoof IP addresses
5282| [7533] Microsoft Windows 2000 RunAs service denial of service
5283| [7532] Microsoft Windows 2000 RunAs service allows local attacker to bypass pipe authentication
5284| [7531] Microsoft Windows 2000 RunAs service reveals sensitive information
5285| [7528] Microsoft Windows NT and Windows 2000 malformed RPC request denial of service
5286| [7409] Microsoft Windows 2000 and Windows XP GDI denial of service
5287| [7302] Microsoft Windows NT and 2000 Terminal Server malformed RDP packet series denial of service
5288| [7008] Microsoft Windows 2000 IrDA device denial of service
5289| [6977] Microsoft Windows NT and 2000 NNTP memory leak denial of service
5290| [6931] Microsoft Windows 2000 without Service Pack 2
5291| [6919] Microsoft Windows 2000 Task Manager does not terminate malicious files with the same name as a system process
5292| [6912] Microsoft Windows NT and 2000 Terminal Server RDP memory leak denial of service
5293| [6876] Microsoft Windows 2000 could allow an attacker to change network passwords
5294| [6803] Microsoft Windows 2000 SMTP service allows mail relaying
5295| [6745] Microsoft Windows 2000 LDAP function could allow domain user password change
5296| [6669] Microsoft Windows 2000 Telnet system call denial of service
5297| [6668] Microsoft Windows 2000 Telnet handle leak denial of service
5298| [6667] Microsoft Windows 2000 Telnet multiple idle sessions denial of service
5299| [6666] Microsoft Windows 2000 Telnet username denial of service
5300| [6665] Microsoft Windows 2000 Telnet service weak domain authentication
5301| [6664] Microsoft Windows 2000 Telnet service predictable pipe names could allow elevation of privileges
5302| [6652] Microsoft Exchange 2000 OWA script execution
5303| [6590] Microsoft Windows 2000 debug registers allow attacker to gain elevated privileges
5304| [6506] Microsoft Windows 2000 Server Kerberos denial of service
5305| [6443] Microsoft Windows 2000 catalog file could remove installed hotfixes
5306| [6160] Microsoft Windows 2000 event viewer buffer overflow
5307| [6136] Microsoft Windows 2000 domain controller denial of service
5308| [6035] Microsoft Windows 2000 Server RDP denial of service
5309| [5973] Microsoft Windows 2000 EFS allows local user to recover sensitive data
5310| [5936] Microsoft Windows 2000 Server Directory Service Restore Mode allows user to login with blank password
5311| [5800] Microsoft Windows 2000 Index Service ActiveX controls allow unauthorized access to file information
5312| [5623] Microsoft Windows NT and 2000 Phone Book service buffer overflow
5313| [5598] Microsoft Windows 2000 Telnet daemon could allow a denial of service
5314| [5585] Microsoft Windows 2000 brute force attack
5315| [5502] Microsoft Windows 2000 Indexing Services ixsso.query
5316| [5467] Microsoft Windows 2000 System Monitor ActiveX control buffer overflow
5317| [5399] Microsoft Windows NT and 2000 Network Monitor buffer overflow
5318| [5301] Microsoft Windows 2000 Simplified Chinese IME State Recognition
5319| [5263] Microsoft Office 2000 executes .dll without users knowledge
5320| [5242] Microsoft Windows 2000 Telnet client NTLM authentication weakness
5321| [5222] Microsoft Windows 2000 malformed RPC packet denial of service
5322| [5203] Microsoft Windows 2000 still image service
5323| [5171] Microsoft Windows 2000 Local Security Policy corruption
5324| [5080] Microsoft Office 2000 HTML object tag buffer overflow
5325| [5033] Microsoft Windows 2000 without Service Pack 1
5326| [5031] Microsoft Windows 2000 Service Control Manager named pipe could allow a unauthorized user to gain privileges
5327| [5015] Microsoft Windows NT and 2000 executable path
5328| [4887] Microsoft Windows 2000 Kerberos ticket renewed
5329| [4886] Microsoft Windows 2000 logon session reconnected
5330| [4885] Microsoft Windows 2000 logon session disconnected
5331| [4882] Microsoft Windows 2000 Kerberos pre-authentication failed
5332| [4873] Microsoft Windows 2000 user account mapped for logon
5333| [4872] Microsoft Windows 2000 account logon failed
5334| [4871] Microsoft Windows 2000 account used for logon
5335| [4855] Microsoft Windows 2000 group type change
5336| [4842] Microsoft Internet Explorer and Microsoft Powerpoint 2000 ActiveX object execution
5337| [4841] Microsoft Internet Explorer and Microsoft Access 2000 VBA code execution
5338| [4823] Microsoft Windows 2000 Telnet server binary stream denial of service
5339| [4819] Microsoft Windows 2000 default SYSKEY configuration
5340| [4787] Microsoft Windows 2000 user account locked out
5341| [4786] Microsoft Windows 2000 computer account created
5342| [4785] Microsoft Windows 2000 computer account changed
5343| [4784] Microsoft Windows 2000 computer account deleted
5344| [4714] Microsoft Windows 2000 "
5345| [4589] Microsoft Windows 2000 protected store can be compromised by brute force attack
5346| [4278] Microsoft Windows 2000 unattended install does not secure All Users profile
5347| [4138] Microsoft Windows 2000 system file integrity feature is disabled
5348| [4086] Microsoft Windows 2000 may not start Jaz drives correctly
5349| [4085] Microsoft Windows 2000 non-Gregorial calendar error
5350| [4084] Microsoft Windows 2000 may prevent Adobe FrameMaker files from being saved in some formats
5351| [4083] Microsoft Windows 2000 Terminal Services may damage Office files saved as HTML
5352| [4082] Microsoft Windows 2000 and Iomega parallel port drives display error
5353| [4080] Microsoft Windows 2000 AOL image support
5354| [4079] Microsoft Windows 2000 High Encryption Pack
5355| [3854] Microsoft Office 2000 security setting
5356| [1376] Microsoft Proxy 2.0 denial of service
5357| [86256] Microsoft Windows Knowledge Base Article 2876063 update is not installed
5358| [86097] Microsoft Windows Knowledge Base Article 2859537 update is not installed
5359| [86091] Microsoft Windows Knowledge Base Article 2868623 update is not installed
5360| [86089] Microsoft Windows Knowledge Base Article 2862772 update is not installed
5361| [86075] Microsoft Windows Knowledge Base Article 2850869 update is not installed
5362| [86073] Microsoft Windows Knowledge Base Article 2873872 update is not installed
5363| [86070] Microsoft Windows Knowledge Base Article 2849568 update is not installed
5364| [85245] Microsoft Windows Knowledge Base Article 2848295 update is not installed
5365| [85244] Microsoft Windows Knowledge Base Article 2847927 update is not installed
5366| [85243] Microsoft Windows Knowledge Base Article 2861561 update is not installed
5367| [85236] Microsoft Windows Knowledge Base Article 2850851 update is not installed
5368| [85227] Microsoft Windows Knowledge Base Article 2847883 update is not installed
5369| [85223] Microsoft Windows Knowledge Base Article 2846071 update is not installed
5370| [85205] Microsoft Windows Knowledge Base Article 2845187 update is not installed
5371| [84621] Microsoft Windows Knowledge Base Article 2845690 update is not installed
5372| [84619] Microsoft Windows Knowledge Base Article 2839894 update is not installed
5373| [84617] Microsoft Windows Knowledge Base Article 2839571 update is not installed
5374| [84615] Microsoft Windows Knowledge Base Article 2839229 update is not installed
5375| [84613] Microsoft Windows Knowledge Base Article 2838727 update is not installed
5376| [84156] Microsoft Windows Knowledge Base Article 2847204 update is not installed
5377| [83912] Microsoft Windows Knowledge Base Article 2829254 update is not installed
5378| [83910] Microsoft Windows Knowledge Base Article 2829530 update is not installed
5379| [83898] Microsoft Windows Knowledge Base Article 2830397 update is not installed
5380| [83886] Microsoft Windows Knowledge Base Article 2830399 update is not installed
5381| [83884] Microsoft Windows Knowledge Base Article 2834692 update is not installed
5382| [83882] Microsoft Windows Knowledge Base Article 2834695 update is not installed
5383| [83880] Microsoft Windows Knowledge Base Article 2836440 update is not installed
5384| [83876] Microsoft Windows Knowledge Base Article 2840221 update is not installed
5385| [83192] Microsoft Windows Knowledge Base Article 2817183 update is not installed
5386| [83100] Microsoft Windows Knowledge Base Article 2830914 update is not installed
5387| [83098] Microsoft Windows Knowledge Base Article 2829996 update is not installed
5388| [83093] Microsoft Windows Knowledge Base Article 2828223 update is not installed
5389| [83091] Microsoft Windows Knowledge Base Article 2813170 update is not installed
5390| [83088] Microsoft Windows Knowledge Base Article 2827663 update is not installed
5391| [83086] Microsoft Windows Knowledge Base Article 2823482 update is not installed
5392| [83084] Microsoft Windows Knowledge Base Article 2821818 update is not installed
5393| [83082] Microsoft Windows Knowledge Base Article 2820917 update is not installed
5394| [82600] Microsoft Windows Knowledge Base Article 2813707 update is not installed
5395| [82424] Microsoft Windows Knowledge Base Article 2814124 update is not installed
5396| [82422] Microsoft Windows Knowledge Base Article 2780176 update is not installed
5397| [82401] Microsoft Windows Knowledge Base Article 2813682 update is not installed
5398| [82399] Microsoft Windows Knowledge Base Article 2816264 update is not installed
5399| [81683] Microsoft Windows Knowledge Base Article 2780091 update is not installed
5400| [81681] Microsoft Windows Knowledge Base Article 2784242 update is not installed
5401| [81680] Microsoft Windows Knowledge Base Article 2790113 update is not installed
5402| [81678] Microsoft Windows Knowledge Base Article 2790655 update is not installed
5403| [81676] Microsoft Windows Knowledge Base Article 2790978 update is not installed
5404| [81674] Microsoft Windows Knowledge Base Article 2797052 update is not installed
5405| [81672] Microsoft Windows Knowledge Base Article 2799494 update is not installed
5406| [81666] Microsoft Windows Knowledge Base Article 2778344 update is not installed
5407| [81634] Microsoft Windows Knowledge Base Article 2792100 update is not installed
5408| [81339] Microsoft Windows Knowledge Base Article 2799329 update is not installed
5409| [80875] Microsoft Windows Knowledge Base Article 2756145 update is not installed
5410| [80872] Microsoft Windows Knowledge Base Article 2769324 update is not installed
5411| [80867] Microsoft Windows Knowledge Base Article 2769327 update is not installed
5412| [80865] Microsoft Windows Knowledge Base Article 2769369 update is not installed
5413| [80863] Microsoft Windows Knowledge Base Article 2778930 update is not installed
5414| [80861] Microsoft Windows Knowledge Base Article 2785220 update is not installed
5415| [80365] Microsoft Windows Knowledge Base Article 2761465 update is not installed
5416| [80360] Microsoft Windows Knowledge Base Article 2765809 update is not installed
5417| [80358] Microsoft Windows Knowledge Base Article 2770660 update is not installed
5418| [80356] Microsoft Windows Knowledge Base Article 2780642 update is not installed
5419| [80352] Microsoft Windows Knowledge Base Article 2783534 update is not installed
5420| [80349] Microsoft Windows Knowledge Base Article 2784126 update is not installed
5421| [79693] Microsoft Windows Knowledge Base Article 2745030 update is not installed
5422| [79687] Microsoft Windows Knowledge Base Article 2761451 update is not installed
5423| [79683] Microsoft Windows Knowledge Base Article 2761226 update is not installed
5424| [79679] Microsoft Windows Knowledge Base Article 2758857 update is not installed
5425| [79677] Microsoft Windows Knowledge Base Article 2727528 update is not installed
5426| [78864] Microsoft Windows Knowledge Base Article 2754670 update is not installed
5427| [78862] Microsoft Windows Knowledge Base Article 2743555 update is not installed
5428| [78858] Microsoft Windows Knowledge Base Article 2754849 update is not installed
5429| [78856] Microsoft Windows Knowledge Base Article 2724197 update is not installed
5430| [78853] Microsoft Windows Knowledge Base Article 2741517 update is not installed
5431| [78851] Microsoft Windows Knowledge Base Article 2742319 update is not installed
5432| [78848] Microsoft Windows Knowledge Base Article 2742321 update is not installed
5433| [78760] Microsoft Windows Knowledge Base Article 2744842 update is not installed
5434| [78077] Microsoft Windows Knowledge Base Article 2741528 update is not installed
5435| [78075] Microsoft Windows Knowledge Base Article 2720184 update is not installed
5436| [78071] Microsoft Windows Knowledge Base Article 2748552 update is not installed
5437| [77512] Microsoft Windows Knowledge Base Article 2740358 update is not installed
5438| [77362] Microsoft Windows Knowledge Base Article 2733918 update is not installed
5439| [77360] Microsoft Windows Knowledge Base Article 2733829 update is not installed
5440| [77357] Microsoft Windows Knowledge Base Article 2733594 update is not installed
5441| [77352] Microsoft Windows Knowledge Base Article 2731879 update is not installed
5442| [77350] Microsoft Windows Knowledge Base Article 2731847 update is not installed
5443| [77348] Microsoft Windows Knowledge Base Article 2723135 update is not installed
5444| [77346] Microsoft Windows Knowledge Base Article 2722913 update is not installed
5445| [77342] Microsoft Windows Knowledge Base Article 2720573 update is not installed
5446| [77325] Microsoft Windows Knowledge Base Article 2719584 update is not installed
5447| [76808] Microsoft Windows Knowledge Base Article 2721015 update is not installed
5448| [76725] Microsoft Windows Knowledge Base Article 2722479 update is not installed
5449| [76724] Microsoft Windows Knowledge Base Article 2719177 update is not installed
5450| [76721] Microsoft Windows Knowledge Base Article 2718523 update is not installed
5451| [76718] Microsoft Windows Knowledge Base Article 2698365 update is not installed
5452| [76711] Microsoft Windows Knowledge Base Article 2695502 update is not installed
5453| [76704] Microsoft Windows Knowledge Base Article 2691442 update is not installed
5454| [76702] Microsoft Windows Knowledge Base Article 2655992 update is not installed
5455| [75963] Microsoft Windows Knowledge Base Article 2699988 update is not installed
5456| [75939] Microsoft Windows Knowledge Base Article 2685939 update is not installed
5457| [75928] Microsoft Windows Knowledge Base Article 2711167 update is not installed
5458| [75136] Microsoft Windows Knowledge Base Article 2693777 update is not installed
5459| [75132] Microsoft Windows Knowledge Base Article 2690533 update is not installed
5460| [75130] Microsoft Windows Knowledge Base Article 2688338 update is not installed
5461| [75127] Microsoft Windows Knowledge Base Article 2681578 update is not installed
5462| [75123] Microsoft Windows Knowledge Base Article 2680352 update is not installed
5463| [75116] Microsoft Windows Knowledge Base Article 2597981 update is not installed
5464| [74556] Microsoft Windows Knowledge Base Article 2639185 update is not installed
5465| [74384] Microsoft Windows Knowledge Base Article 2675157 update is not installed
5466| [74378] Microsoft Windows Knowledge Base Article 2671605 update is not installed
5467| [74373] Microsoft Windows Knowledge Base Article 2664258 update is not installed
5468| [74369] Microsoft Windows Knowledge Base Article 2663860 update is not installed
5469| [73543] Microsoft Windows Knowledge Base Article 2671387 update is not installed
5470| [73540] Microsoft Windows Knowledge Base Article 2665364 update is not installed
5471| [73538] Microsoft Windows Knowledge Base Article 2651019 update is not installed
5472| [73536] Microsoft Windows Knowledge Base Article 2651018 update is not installed
5473| [73533] Microsoft Windows Knowledge Base Article 2647170 update is not installed
5474| [73530] Microsoft Windows Knowledge Base Article 2641653 update is not installed
5475| [72887] Microsoft Windows Knowledge Base Article 2663841 update is not installed
5476| [72873] Microsoft Windows Knowledge Base Article 2663830 update is not installed
5477| [72867] Microsoft Windows Knowledge Base Article 2663510 update is not installed
5478| [72857] Microsoft Windows Knowledge Base Article 2661637 update is not installed
5479| [72855] Microsoft Windows Knowledge Base Article 2660465 update is not installed
5480| [72853] Microsoft Windows Knowledge Base Article 2653956 update is not installed
5481| [72851] Microsoft Windows Knowledge Base Article 2654428 update is not installed
5482| [72849] Microsoft Windows Knowledge Base Article 2651026 update is not installed
5483| [72846] Microsoft Windows Knowledge Base Article 2647516 update is not installed
5484| [72841] Microsoft Windows Knowledge Base Article 2645640 update is not installed
5485| [72838] Microsoft Windows Knowledge Base Article 2643719 update is not installed
5486| [72029] Microsoft Windows Knowledge Base Article 2638420 update is not installed
5487| [72003] Microsoft Windows Knowledge Base Article 2646524 update is not installed
5488| [71998] Microsoft Windows Knowledge Base Article 2644615 update is not installed
5489| [71995] Microsoft Windows Knowledge Base Article 2643584 update is not installed
5490| [71994] Microsoft Windows Knowledge Base Article 2636391 update is not installed
5491| [71565] Microsoft Windows Knowledge Base Article 2648048 update is not installed
5492| [71562] Microsoft Windows Knowledge Base Article 2640241 update is not installed
5493| [71560] Microsoft Windows Knowledge Base Article 2640045 update is not installed
5494| [71558] Microsoft Windows Knowledge Base Article 2639417 update is not installed
5495| [71557] Microsoft Windows Knowledge Base Article 2639142 update is not installed
5496| [71554] Microsoft Windows Knowledge Base Article 2633171 update is not installed
5497| [71552] Microsoft Windows Knowledge Base Article 2624667 update is not installed
5498| [71550] Microsoft Windows Knowledge Base Article 2620712 update is not installed
5499| [71548] Microsoft Windows Knowledge Base Article 2618451 update is not installed
5500| [71546] Microsoft Windows Knowledge Base Article 2618444 update is not installed
5501| [71538] Microsoft Windows Knowledge Base Article 2590602 update is not installed
5502| [70951] Microsoft Windows Knowledge Base Article 2630837 update is not installed
5503| [70949] Microsoft Windows Knowledge Base Article 2620704 update is not installed
5504| [70947] Microsoft Windows Knowledge Base Article 2617657 update is not installed
5505| [70943] Microsoft Windows Knowledge Base Article 2588516 update is not installed
5506| [70152] Microsoft Windows Knowledge Base Article 2623699 update is not installed
5507| [70140] Microsoft Windows Knowledge Base Article 2652016 update is not installed
5508| [70130] Microsoft Windows Knowledge Base Article 2586448 update is not installed
5509| [70115] Microsoft Windows Knowledge Base Article 2567053 update is not installed
5510| [69501] Microsoft Windows Knowledge Base Article 2587634 update is not installed
5511| [69498] Microsoft Windows Knowledge Base Article 2587505 update is not installed
5512| [69492] Microsoft Windows Knowledge Base Article 2571621 update is not installed
5513| [69490] Microsoft Windows Knowledge Base Article 2570947 update is not installed
5514| [68840] Microsoft Windows Knowledge Base Article 2451858 update is not installed
5515| [68833] Microsoft Windows Knowledge Base Article 2567943 update is not installed
5516| [68831] Microsoft Windows Knowledge Base Article 2570222 update is not installed
5517| [68829] Microsoft Windows Knowledge Base Article 2567951 update is not installed
5518| [68827] Microsoft Windows Knowledge Base Article 2578230 update is not installed
5519| [68825] Microsoft Windows Knowledge Base Article 2546250 update is not installed
5520| [68823] Microsoft Windows Knowledge Base Article 2559049 update is not installed
5521| [68816] Microsoft Windows Knowledge Base Article 2556532 update is not installed
5522| [68814] Microsoft Windows Knowledge Base Article 2560656 update is not installed
5523| [68812] Microsoft Windows Knowledge Base Article 2560978 update is not installed
5524| [68809] Microsoft Windows Knowledge Base Article 2562485 update is not installed
5525| [68806] Microsoft Windows Knowledge Base Article 2566454 update is not installed
5526| [68804] Microsoft Windows Knowledge Base Article 2563894 update is not installed
5527| [68801] Microsoft Windows Knowledge Base Article 2567680 update is not installed
5528| [68315] Microsoft Windows Knowledge Base Article 2555917 update is not installed
5529| [68299] Microsoft Windows Knowledge Base Article 2566220 update is not installed
5530| [68283] Microsoft Windows Knowledge Base Article 2560847 update is not installed
5531| [67955] Microsoft Windows Knowledge Base Article 2530548 update is not installed
5532| [67943] Microsoft Windows Knowledge Base Article 2544521 update is not installed
5533| [67762] Microsoft Windows Knowledge Base Article 2543893 update is not installed
5534| [67759] Microsoft Windows Knowledge Base Article 2544893 update is not installed
5535| [67757] Microsoft Windows Knowledge Base Article 2476490 update is not installed
5536| [67753] Microsoft Windows Knowledge Base Article 2514842 update is not installed
5537| [67751] Microsoft Windows Knowledge Base Article 2518295 update is not installed
5538| [67737] Microsoft Windows Knowledge Base Article 2520426 update is not installed
5539| [67733] Microsoft Windows Knowledge Base Article 2525694 update is not installed
5540| [67731] Microsoft Windows Knowledge Base Article 2525835 update is not installed
5541| [67728] Microsoft Windows Knowledge Base Article 2535512 update is not installed
5542| [67725] Microsoft Windows Knowledge Base Article 2536275 update is not installed
5543| [67722] Microsoft Windows Knowledge Base Article 2536276 update is not installed
5544| [67718] Microsoft Windows Knowledge Base Article 2537146 update is not installed
5545| [67709] Microsoft Windows Knowledge Base Article 2538814 update is not installed
5546| [67302] Microsoft Windows Knowledge Base Article 2545814 update is not installed
5547| [67101] Microsoft Windows Knowledge Base Article 2524426 update is not installed
5548| [66446] Microsoft Windows Knowledge Base Article 2514666 update is not installed
5549| [66444] Microsoft Windows Knowledge Base Article 2511455 update is not installed
5550| [66436] Microsoft Windows Knowledge Base Article 2497640 update is not installed
5551| [66432] Microsoft Windows Knowledge Base Article 2527308 update is not installed
5552| [66428] Microsoft Windows Knowledge Base Article 2489979 update is not installed
5553| [66423] Microsoft Windows kernel-mode driver (win32k.sys) variant 29 privilege escalation
5554| [66422] Microsoft Windows kernel-mode driver (win32k.sys) variant 28 privilege escalation
5555| [66421] Microsoft Windows kernel-mode driver (win32k.sys) variant 27 privilege escalation
5556| [66420] Microsoft Windows kernel-mode driver (win32k.sys) variant 26 privilege escalation
5557| [66419] Microsoft Windows kernel-mode driver (win32k.sys) variant 25 privilege escalation
5558| [66418] Microsoft Windows kernel-mode driver (win32k.sys) variant 24 privilege escalation
5559| [66417] Microsoft Windows kernel-mode driver (win32k.sys) variant 23 privilege escalation
5560| [66416] Microsoft Windows kernel-mode driver (win32k.sys) variant 22 privilege escalation
5561| [66415] Microsoft Windows kernel-mode driver (win32k.sys) variant 21 privilege escalation
5562| [66414] Microsoft Windows kernel-mode driver (win32k.sys) variant 20 privilege escalation
5563| [66396] Microsoft Windows kernel-mode driver (win32k.sys) variant 2 privilege escalation
5564| [66394] Microsoft Windows Knowledge Base Article 2485663 update is not installed
5565| [65588] Microsoft Windows Knowledge Base Article 2489279 update is not installed
5566| [65581] Microsoft Windows Knowledge Base Article 2510030 update is not installed
5567| [65580] Microsoft Windows Knowledge Base Article 2489283 update is not installed
5568| [65575] Microsoft Windows Knowledge Base Article 2489293 update is not installed
5569| [65573] Microsoft Windows Knowledge Base Article 2494047 update is not installed
5570| [64973] Microsoft Windows Knowledge Base Article 2478960 update is not installed
5571| [64971] Microsoft Windows Knowledge Base Article 2479628 update is not installed
5572| [64927] Microsoft Windows Knowledge Base Article 2393802 update is not installed
5573| [64925] Microsoft Windows Knowledge Base Article 2451879 update is not installed
5574| [64920] Microsoft Windows Knowledge Base Article 2475792 update is not installed
5575| [64918] Microsoft Windows Knowledge Base Article 2476687 update is not installed
5576| [64916] Microsoft Windows Knowledge Base Article 2478953 update is not installed
5577| [64914] Microsoft Windows Knowledge Base Article 2482017 update is not installed
5578| [64910] Microsoft Windows Knowledge Base Article 2483185 update is not installed
5579| [64909] Microsoft Windows Knowledge Base Article 2484015 update is not installed
5580| [64907] Microsoft Windows Knowledge Base Article 2485376 update is not installed
5581| [64905] Microsoft Windows Knowledge Base Article 2489256 update is not installed
5582| [64902] Microsoft Windows Knowledge Base Article 2496930 update is not installed
5583| [64342] Microsoft Windows Knowledge Base Article 2451910 update is not installed
5584| [64339] Microsoft Windows Knowledge Base Article 2478935 update is not installed
5585| [63584] Microsoft Windows Knowledge Base Article 2424434 update is not installed
5586| [63582] Microsoft Windows Knowledge Base Article 2423089 update is not installed
5587| [63580] Microsoft Windows Knowledge Base Article 2436673 update is not installed
5588| [63571] Microsoft Windows Knowledge Base Article 2440591 update is not installed
5589| [63569] Microsoft Windows Knowledge Base Article 2385678 update is not installed
5590| [63566] Microsoft Windows Knowledge Base Article 2442962 update is not installed
5591| [63564] Microsoft Windows Knowledge Base Article 2345316 update is not installed
5592| [63562] Microsoft Windows Knowledge Base Article 2296199 update is not installed
5593| [63558] Microsoft Windows Knowledge Base Article 2416400 update is not installed
5594| [63550] Microsoft Windows Knowledge Base Article 2447961 update is not installed
5595| [63548] Microsoft Windows Knowledge Base Article 2443105 update is not installed
5596| [63546] Microsoft Windows Knowledge Base Article 2455005 update is not installed
5597| [63544] Microsoft Windows Knowledge Base Article 2292970 update is not installed
5598| [62805] Microsoft Windows Knowledge Base Article 2316074 update is not installed
5599| [62793] Microsoft Windows Knowledge Base Article 2293386 update is not installed
5600| [62789] Microsoft Windows Knowledge Base Article 2423930 update is not installed
5601| [62170] Microsoft Windows Knowledge Base Article 2296011 update is not installed
5602| [62166] Microsoft Windows Knowledge Base Article 2294255 update is not installed
5603| [62163] Microsoft Windows Knowledge Base Article 2281679 update is not installed
5604| [62154] Microsoft Windows Knowledge Base Article 2279986 update is not installed
5605| [62147] Microsoft Windows Knowledge Base Article 2160841 update is not installed
5606| [62134] Microsoft Windows Knowledge Base Article 2412048 update is not installed
5607| [62129] Microsoft Windows Knowledge Base Article 2387149 update is not installed
5608| [62126] Microsoft Windows Knowledge Base Article 2378111 update is not installed
5609| [62123] Microsoft Windows Knowledge Base Article 2360937 update is not installed
5610| [62118] Microsoft Windows Knowledge Base Article 2293211 update is not installed
5611| [62104] Microsoft Windows Knowledge Base Article 2360131 update is not installed
5612| [62098] Microsoft Windows Knowledge Base Article 2293194 update is not installed
5613| [62069] Microsoft Windows Knowledge Base Article 2418042 update is not installed
5614| [61519] Microsoft Windows Knowledge Base Article 2121546 update is not installed
5615| [61517] Microsoft Windows Knowledge Base Article 2259922 update is not installed
5616| [61514] Microsoft Windows Knowledge Base Article 2267960 update is not installed
5617| [61510] Microsoft Windows Knowledge Base Article 2315011 update is not installed
5618| [61507] Microsoft Windows Knowledge Base Article 2320113 update is not installed
5619| [61504] Microsoft Windows Knowledge Base Article 2347290 update is not installed
5620| [60736] Microsoft Windows Knowledge Base Article 2265906 update is not installed
5621| [60734] Microsoft Windows Knowledge Base Article 2269638 update is not installed
5622| [60728] Microsoft Windows Knowledge Base Article 2269707 update is not installed
5623| [60724] Microsoft Windows Knowledge Base Article 2286198 update is not installed
5624| [60713] Microsoft Windows Knowledge Base Article 2183461 update is not installed
5625| [60698] Microsoft Windows Knowledge Base Article 2160329 update is not installed
5626| [60686] Microsoft Windows Knowledge Base Article 2115168 update is not installed
5627| [60684] Microsoft Windows Knowledge Base Article 2079403 update is not installed
5628| [60680] Microsoft Windows Knowledge Base Article 2264072 update is not installed
5629| [59901] Microsoft Windows Knowledge Base Article 2229593 update is not installed
5630| [59898] Microsoft Windows Knowledge Base Article 2229593 update is not installed
5631| [58913] Microsoft Windows Knowledge Base Article 2027452 update is not installed
5632| [58891] Microsoft Windows Knowledge Base Article 2028554 update is not installed
5633| [17004] Microsoft Windows XP Service Pack 2 is not installed on the system
5634| [9187] Microsoft Passport SDK 2.1 Component Configuration Document (CCD) permission
5635| [9146] Microsoft Passport SDK 2.1 events reporting disabled
5636| [9068] Microsoft Passport SDK 2.1 registry default permission exposure
5637| [9067] Microsoft Passport SDK 2.1 default test site exposure
5638| [9066] Microsoft Passport SDK 2.1 Adventure Works Sample Site exposure
5639| [9065] Microsoft Passport SDK 2.1 Adventure Works Sample Site global.asa file default permission exposure
5640| [9064] Microsoft Passport SDK 2.1 default time window exposure
5641| [1271] Microsoft IIS version 2 installed
5642| [621] Microsoft IIS 3.0 script source revealed by appending 2E to requests
5643|
5644| Exploit-DB - https://www.exploit-db.com:
5645| [30756] Microsoft Forms 2.0 ActiveX Control 2.0 Memory Access Violation Denial of Service Vulnerabilities
5646| [30749] Microsoft Office 2003 Web Component Memory Access Violation Denial of Service Vulnerability
5647| [30636] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (2)
5648| [30635] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (1)
5649| [30281] Microsoft .Net Framework <= 2.0 - Multiple Null Byte Injection Vulnerabilities
5650| [29664] Microsoft Office Publisher 2007 - Remote Denial of Service (DoS) Vulnerability
5651| [29660] Microsoft Office 2003 - Denial of Service (DoS) Vulnerability
5652| [29630] Microsoft Windows 2003/XP ReadDirectoryChangesW Information Disclosure Vulnerability
5653| [29524] Microsoft Word 2000 - Malformed Function Code Execution Vulnerability
5654| [28420] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
5655| [28357] Microsoft Windows Explorer 2000/2003/XP Drag and Drop Remote Code Execution Vulnerability
5656| [28227] Microsoft Windows 2000/XP Registry Access Local Denial of Service Vulnerability
5657| [28226] Microsoft PowerPoint 2003 PPT File Closure Memory Corruption
5658| [28225] Microsoft PowerPoint 2003 powerpnt.exe Unspecified Issue
5659| [28224] Microsoft PowerPoint 2003 mso.dll PPT Processing Unspecified Code Execution
5660| [28198] Microsoft Office 2000/2002 Property Code Execution Vulnerability
5661| [28189] Microsoft Excel 2000-2004 Style Handling and Repair Remote Code Execution Vulnerability
5662| [28087] Microsoft Office 2003 Embedded Shockwave Flash Object Security Bypass Weakness
5663| [28005] Microsoft Exchange Server 2000/2003 Outlook Web Access Script Injection Vulnerability
5664| [26690] Microsoft Windows 2000/2003/XP CreateRemoteThread Local Denial of Service Vulnerability
5665| [26517] Microsoft Office PowerPoint 2007 - Crash PoC
5666| [26341] Microsoft Windows 2000/2003/XP MSDTC TIP Denial of Service Vulnerability
5667| [26222] Microsoft Windows 2000/2003/XP Keyboard Event Privilege Escalation Weakness
5668| [25384] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (2)
5669| [25383] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (1)
| [25231] Microsoft Windows 2000/2003/XP Graphical Device Interface Library Denial of Service Vulnerability
| [25085] Microsoft Office XP 2000/2002 HTML Link Processing Remote Buffer Overflow Vulnerability
| [25084] Microsoft Outlook 2003 Web Access Login Form Remote URI Redirection Vulnerability
| [25050] Microsoft Windows 2000/2003/XP winhlp32 Phrase Heap Overflow Vulnerability
| [25049] Microsoft Windows 2000/2003/XP winhlp32 Phrase Integer Overflow Vulnerability
| [24686] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
| [24277] Microsoft Windows 2000/NT 4 POSIX Subsystem Buffer Overflow Local Privilege Escalation Vulnerability
| [24114] Microsoft Outlook 2003Mail Client E-mail Address Verification Weakness
| [24101] Microsoft Outlook 2003 Predictable File Location Weakness
| [23989] Microsoft Windows 2000/NT 4 Local Descriptor Table Local Privilege Escalation Vulnerability
| [23796] Microsoft Outlook 2002 Mailto Parameter Quoting Zone Bypass Vulnerability
| [23019] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
| [22919] Microsoft ISA Server 2000 Cross-Site Scripting Vulnerabilities
| [22883] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (2)
| [22882] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (1)
| [22837] Microsoft Windows 2000/NT 4 Media Services NSIISlog.DLL Remote Buffer Overflow
| [22782] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
| [22591] Microsoft Office Excel 2007 - WriteAV Crash PoC
| [22555] Microsoft BizTalk Server 2000/2002 DTA RawCustomSearchField.asp SQL Injection
| [22554] Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability
| [22553] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
| [22528] Microsoft Windows 2000 RegEdit.EXE Registry Key Value Buffer Overflow Vulnerability
| [22354] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
| [21920] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
| [21718] Microsoft SQL 2000/7.0 Agent Jobs Privilege Elevation Vulnerability
| [21693] Microsoft SQL Server 2000 User Authentication Remote Buffer Overflow Vulnerability
| [21652] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
| [21651] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
| [21650] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
| [21549] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
| [21541] Microsoft SQL Server 2000 SQLXML Script Injection Vulnerability
| [21540] Microsoft SQL Server 2000 SQLXML Buffer Overflow Vulnerability
| [21389] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (2)
| [21388] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (1)
| [21344] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
| [21258] Microsoft Windows 2000/NT 4 NTFS File Hiding Vulnerability
| [21246] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (2)
| [21245] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (1)
| [21172] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (2)
| [21171] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (1)
| [21131] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
| [21123] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
| [21113] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
| [21099] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
| [21069] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
| [20907] Microsoft Windows 2000 Telnet Username DoS Vulnerability
| [20802] Microsoft IIS 2.0/3.0 Long URL Denial of Service Vulnerability
| [20763] Microsoft ISA Server 2000 Web Proxy DoS Vulnerability
| [20571] Microsoft Outlook 2000 0/98 0/Express 5.5 Concealed Attachment Vulnerability
| [20481] Microsoft IIS 2.0/3.0 Appended Dot Script Source Disclosure Vulnerability
| [20399] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
| [20335] Microsoft Indexing Services for Windows 2000/NT 4.0 .htw Cross-Site Scripting Vulnerability
| [20305] Microsoft Site Server 2.0 with IIS 4.0 - File Upload Vulnerability
| [20265] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
| [20257] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
| [20255] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
| [20222] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
| [20209] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
| [20133] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
| [20122] Microsoft Office SharePoint Server 2007 Remote Code Execution
| [20096] Microsoft IIS 2.0/3.0/4.0/5.0/5.1 Internal IP Address Disclosure Vulnerability
| [20048] Microsoft Windows 2000 Remote CPU-overload Vulnerability
| [20047] Microsoft Windows 2000 Telnet Server DoS Vulnerability
| [19830] Microsoft Index Server 2.0 '%20' ASP Source Disclosure Vulnerability
| [19742] microsoft iis 3.0/4.0,microsoft index server 2.0 - Directory Traversal
| [19734] Microsoft Virtual Machine 2000 Series/3000 Series getSystemResource Vulnerability
| [19731] microsoft index server 2.0/indexing services for windows 2000 - Directory Traversal
| [19728] Microsoft Systems Management Server 2.0 Default Permissions Vulnerability
| [19425] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (2)
| [19424] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (1)
| [19376] Microsoft IIS 2.0/3.0/4.0 ISAPI GetExtensionVersion() Vulnerability
| [19143] "Microsoft Windows ""April Fools 2001"" Vulnerability"
| [19118] Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability
| [18334] Microsoft Office 2003 Home/Pro 0day
| [18087] MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
| [18078] Microsoft Excel 2003 11.8335.8333 Use After Free
| [18067] Microsoft Excel 2007 SP2 Buffer Overwrite Exploit
| [17305] "Microsoft Windows Vista/Server 2008 ""nsiproxy.sys"" Local Kernel DoS Exploit"
| [14971] MOAUB #11 - Microsoft Office Word 2007 sprmCMajority Buffer Overflow
| [14782] Microsoft Office PowerPoint 2007 DLL Hijacking Exploit (rpawinet.dll)
| [14746] Microsoft Office Groove 2007 DLL Hijacking Exploit (mso.dll)
| [14744] Microsoft Visio 2003 DLL Hijacking Exploit (mfc71enu.dll)
| [12450] Microsoft SharePoint Server 2007 XSS Vulnerability
| [10068] Microsoft Windows 2000-2008 Embedded OpenType Font Engine Remote Code Execution
| [4121] Microsoft Excel 2000/2003 Sheet Name Vulnerability PoC
| [3973] Microsoft Office 2000 (OUACTRL.OCX 1.0.1.9) - Remote DoS Exploit
| [3690] microsoft office word 2007 - Multiple Vulnerabilities
| [3260] Microsoft Word 2000 Unspecified Code Execution Exploit (0day)
| [2523] Microsoft Office 2003 PPT Local Buffer Overflow PoC
| [2091] Microsoft PowerPoint 2003 SP2 Local Code Execution Exploit (french)
| [2001] Microsoft Word 2000/2003 Unchecked Boundary Condition Vulnerability
| [1999] Microsoft Word 2000/2003 Hlink Local Buffer Overflow Exploit PoC
| [1988] Microsoft Excel 2003 Hlink Local Buffer Overflow Exploit (italian)
| [1986] Microsoft Excel 2000/2003 Hlink Local Buffer Overflow Exploit (french)
| [1958] Microsoft Excel 2003 Hlink Stack/SEH Buffer Overflow Exploit
| [28238] Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Vulnerability MS13-067
| [23034] Microsoft URLScan 2.5/ RSA Security SecurID 5.0 Configuration Enumeration Weakness
| [22850] Microsoft Office OneNote 2010 Crash PoC
| [22679] Microsoft Visio 2010 Crash PoC
| [22655] Microsoft Publisher 2013 Crash PoC
| [22621] Microsoft Netmeeting 2.1/3.0.1 4.4.3385 CALLTO URL Buffer Overflow Vulnerability
| [22330] Microsoft Office Excel 2010 Crash PoC
| [22310] Microsoft Office Publisher 2010 Crash PoC
| [22237] Microsoft Office Picture Manager 2010 Crash PoC
| [22215] Microsoft Office Word 2010 Crash PoC
| [19451] Microsoft Windows 98 a/98 b/98SE,Solaris 2.6 IRDP Vulnerability
| [19440] Microsoft Windows NT 4.0/SP 1/SP 2/Sp 3/SP 4/SP 5 Malformed Dialer Entry Vulnerability
| [19372] Microsoft Windows NT 4.0/SP 1/SP 2/SP 3/SP 4/SP 5 Null Session Admin Name Vulnerability
| [17164] Microsoft Reader <= 2.1.1.3143 NULL Byte Write
| [17163] Microsoft Reader <= 2.1.1.3143 Array Overflow
| [17162] Microsoft Reader <= 2.1.1.3143 Integer Overflow
| [17161] Microsoft Reader <= 2.1.1.3143 Heap Overflow
| [17160] Microsoft Reader <= 2.1.1.3143 Integer Overflow
| [14731] Microsoft Windows Movie Maker <= 2.6.4038.0 DLL Hijacking Exploit (hhctrl.ocx)
| [14723] Microsoft Power Point 2010 DLL Hijacking Exploit (pptimpconv.dll)
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902250] Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability
| [900125] Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability
| [801597] Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
| [801596] Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
| [801594] Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
| [800687] Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability
| [800577] Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
| [800343] Microsoft Word 2007 Sensitive Information Disclosure Vulnerability
| [103254] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
| [11992] Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
| [902931] Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
| [902678] Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
| [901210] Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)
|
| SecurityTracker - https://www.securitytracker.com:
| [1015347] Microsoft Windows 2000 Kernel APC Queue Bug Lets Local Users Gain Elevated Privileges
| [1013454] Microsoft Office InfoPath 2003 May Disclose System and Authentication Information to Remote Users
| [1013284] Microsoft Windows 2000 and XP Group Policy Can Be Bypassed By Microsoft Office Applications and By Flash Drives
| [1010687] Microsoft Windows 2000/NT POSIX Subsystem Buffer Overflow Lets Local Users Gain Elevated Privileges
| [1010352] Microsoft Windows 2000 Domains With Eight Characters May Let Remote Users With Expired Passwords Login
| [1010189] Microsoft Outlook 2003 Scripting Restrictions Can Be Bypassed By Remote Users
| [1010125] Microsoft Outlook 2003 Lets Remote Users Send E-mail to Cause the Recipient's Client to Contact a Remote Server
| [1009767] Microsoft Windows 2000 Domain Controller LDAP Flaw May Let Remote Users Restart the Authentication Service
| [1008324] Microsoft Exchange 2003 With Outlook Web Access and Windows SharePoint Services May Grant Incorrect E-mail Account Access to Remote Authenticated Users
| [1007905] Microsoft Windows Server 2003 Shell Folders Can Be Referenced Using Directory Traversal Characters
| [1007238] Microsoft Outlook Web Access Can Be Crashed By Remote Authenticated Users With an Outlook 2003 Client
| [1007152] Microsoft Windows 2000 Accessibility Utility Manager Lets Local Users Gain Elevated Privileges
| [1007099] Microsoft Windows 2000 ShellExecute() Buffer Overflow May Let Users Execute Arbitrary Code
| [1007093] Microsoft Active Directory Stack Overflow in 'Lsaas.exe' Lets Remote Users Crash the Windows 2000 Server
| [1006959] Microsoft Windows Server 2003 Drivers May Leak Information From Memory Via Ethernet Packets Containing TCP Streams
| [1006580] Microsoft Windows 2003 'win2k.sys' Printing Bug Lets Users Crash the System
| [1006534] Microsoft Proxy Service in Proxy Server 2.0 Has Unspecified Flaw That Lets Remote Users Stop Traffic
| [1006286] Microsoft Windows 2000/XP PostMessage() API Flaw May Let Local Users Grab Passwords from Local Dialog Boxes
| [1006280] Protegrity Secure.Data for Microsoft SQL Server 2000 Contains Buffer Oveflows That Let Remote Users Execute Arbitrary Code
| [1005254] Microsoft NT, 2000, and XP Operating Systems May Execute a 16-bit Application Even When The File Has No Execute Permissions
| [1005068] Microsoft NTFS Filesystem in Windows NT and Windows 2000 Has Auditing Hole That Lets Local Users Access Files Without the File Access Being Audited
| [1004587] Microsoft SQL Server 2000 Buffer Overflow in OpenDataSource() Function May Let Remote Users Gain SYSTEM Privileges on the Server
| [1004528] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains an Input Validation Flaw in an XML SQL Tag That Allows Cross-Site Scripting Attacks
| [1004527] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains a Buffer Overflow That Lets Remote Users Take Full Control of the System
| [1004407] Microsoft Exchange 2000 Flaw in Processing a Certain Malformed SMTP Command Allows Remote Users to Deny Service to the Server
| [1004357] Microsoft Windows Debugging Facility for Windows NT4 and 2000 Has Authentication Hole That Lets Local Users Execute Arbitrary Code with SYSTEM Privileges
| [1004083] Microsoft Windows 2000 'microsoft-ds' Service Flaw Allows Remote Users to Create Denial of Service Conditions By Sending Malformed Packets
| [1004022] Microsoft Windows 2000 Group Policy Object Enforcement Can Be Circumvented if User License Limits are Exceeded
| [1003975] Microsoft Windows NT, 2000, and XP Kernel Buffer Overflow in Processing Multiple UNC Provider (MUP) Requests May Let Local Users Obtain System Level Privileges
| [1003949] Microsoft Windows 2000 DCOM Implementation Flaw May Disclose Memory Contents to Remote Users
| [1003816] Microsoft Windows 2000 Automatic Log Off Policy Fails to Expire Sessions in Progress
| [1003688] Microsoft Exchange Server 2000 Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
| [1003687] Microsoft Windows 2000 and Windows XP SMTP Service Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
| [1003634] Microsoft XML Core Services in SQL Server 2000 Lets Remote Scripts Access and Send Local Files
| [1003629] Microsoft Commerce Server 2000 AuthFilter Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server With LocalSystem Privileges to Gain Full Control of the Server
| [1003472] Microsoft Telnet Server for Windows 2000 and for Interix Has a Buffer Overflow That May Let Remote Users Execute Code on the Server with System Level Privileges
| [1003469] Microsoft Exchange 2000 Server Allows Remote Users to View and Possibly Modify Registry Settings
| [1003402] Microsoft Windows NT 4.0 and Windows 2000 Domain Controllers May Give Elevated Privileges to Remote Users Who Are Valid Administrators on Other Trusted Domains
| [1002922] Microsoft Windows 2000 Internet Key Exchange (IKE) Service Can Be Crashed By Remote Users
| [1002754] Terminal Services on Microsoft Windows 2000 and XP Allow Remote Users to Log Bogus IP Addresses Instead of the User's Genuine Address
| [1002731] Microsoft Windows 2000 RunAs Service May Disclose Authentication Credentials to Local Users
| [1002730] Microsoft Windows 2000 RunAs Utility May Disclose Sensitive Information to Local Users
| [1002729] Microsoft Windows 2000 RunAs Service Allows Local Users to Disable the Service
| [1002356] Microsoft Outlook 2000 Animated Assistant Prevents the Screen Saver from Activating, Allowing Physically Local Users to Access the System
| [1002206] Microsoft Internet Security and Acceleration (ISA) Server 2000 Can Be Disrupted By Remote Users Due to Memory Leaks and Also Allows Cross-Site Scripting Attacks
| [1002106] Microsoft Windows 2000 and Windows NT 4.0 RPC Input Validation Failure Lets Remote Users Destabilize the Operating System
| [1002099] Microsoft Windows 2000 Telnet Service Can Be Crashed By Remote Users
| [1002098] Windows Terminal Services in Microsoft Windows 2000 and NT 4.0 Can Be Crashed By Remote Users Due to a Memory Leak
| [1001993] Microsoft Windows 2000, Linux 2.4, NetBSD, FreeBSD, and OpenBSD May Let Remote Users Affect TCP Performance
| [1001931] Microsoft Windows 2000 SMTP Service May Allow Unauthorized Remote Users to Relay E-mail via the Service
| [1001832] Microsoft Windows 2000 LDAP Server Lets Remote Users Gain Administrator Access to the Domain Controller When Configured to Support LDAP over SSL
| [1001701] Microsoft Windows 2000 Telnet Server Allows Local Users to Gain System-Level Privileges and Lets Remote Users Crash the Server
| [1001605] Microsoft Windows 2000 Allows Local Users to Elevate Privileges
| [1001565] Microsoft IIS Web Server on Windows 2000 Allows Remote Users to Cause the Server to Consume All Available Memory Due to Memory Leak in WebDAV Lock Method
| [1001513] Microsoft Windows 2000 Indexing Service Allows Remote Users to View Include Programming Files
| [1001501] Microsoft Windows 2000 Domain Controllers Can Be Effectively Halted By Remote Users
| [1001464] Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server
| [1001240] Microsoft FTP Client for Windows 2000 Still Vulnerable to Executing Arbitrary Code in Limited Situations
| [1001088] Microsoft Internet Explorer with Services for Unix 2.0 Can Create Malicious Files on the User's Host
|
| OSVDB - http://www.osvdb.org:
| [90257] Microsoft Windows Server 2003 ICACLS.EXE Permission Inheritance Weakness
| [86790] Microsoft Virtual PC 2007 Crafted x86 Instruction Sequence Handling Local DoS
| [86061] Microsoft Windows Server 2008 R1 CSRSS ReadConsole / CloseHandle Local DoS
| [79442] Microsoft Windows Server 2008 DNS Server Service Cache Update Policy Deleted Domain Name Resolving Weakness
| [72670] Microsoft Windows Server 2003 ActiveDirectory BROWSER ELECTION Remote Overflow
| [68554] Microsoft Windows Server 2008 Shared Cluster Disks Addition Default Permission Weakness
| [62251] Microsoft Windows Server 2008 Hyper-V Crafted Instruction Sequence DoS
| [60329] Microsoft Windows 2000 NetBIOS Continuation Packet Remote DoS
| [59733] Microsoft Windows 2000 Terminal Services Screensaver Screen Minimization Locking Weakness
| [59731] Microsoft Windows 2000 DCOM Client Alter Context Request Remote Information Disclosure
| [59730] Microsoft Windows 2000 Terminal Services Disconnect Feature Local Privilege Escalation
| [59514] Microsoft Windows 2000 Task Manager Uppercase Process Name Termination Weakness
| [59509] Microsoft Windows 2000 Encrypted File System Cleartext Backup File Local Disclosure
| [59346] Microsoft Windows 2000 Crafted TCP/UDP Traffic CPU Consumption Remote DoS
| [55836] Microsoft ISA Server 2006 Radius OTP Security Bypass
| [53663] Microsoft Office Word 2000 WordPerfect 6.x Converter Document Handling Stack Corruption
| [50589] Microsoft SQL Server 2000 sp_replwritetovarbin() Stored Procedure Overflow
| [37629] Microsoft Windows 2000 RPC Authentication Unspecified Information Disclosure
| [37628] Microsoft Windows 2000 RPC Authentication Crafted Request Remote DoS
| [36034] Microsoft Office 2000 Controllo ActiveX (OUACTRL.OCX) HelpPopup Method Overflow
| [34489] Microsoft Office 2003 Malformed WMF File Handling DoS
| [34488] Microsoft Excel 2003 XLS Handling Corrupt Format DoS
| [31251] Microsoft Office 2003 Brazilian Portuguese Grammar Checker Arbitrary Code Execution
| [29529] Microsoft Windows 2000 creator.dll ActiveX COM Object Memory Corruption
| [29528] Microsoft Windows 2000 msdxm.ocx ActiveX COM Object Memory Corruption
| [29527] Microsoft Windows 2000 myinfo.dll ActiveX COM Object Memory Corruption
| [29526] Microsoft Windows 2000 ciodm.dll ActiveX COM Object Memory Corruption
| [28539] Microsoft Word 2000 Unspecified Code Execution
| [24121] Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass
| [24081] Microsoft Outlook 2003 Unspecified Malformed Word Attachment DoS
| [23484] Microsoft SQLServer 2000 sp_addalias Procedure Privileged Alias Creation
| [23234] Microsoft SQLServer 2000 Unspecified Invalid Client Buffer DoS
| [23231] Microsoft SQL Server 2000 SQL Profiler Multiple Method DoS
| [23205] Microsoft SQLServer 2000 Crafted Sort Command User Mode Scheduler (UMS) Bypass DoS
| [23203] Microsoft SQL Server 2000 Database Name Transact-SQL Statement Privilege Escalation
| [23202] Microsoft SQLServer 2000 sysmembers Virtual Table Query Overflow
| [23201] Microsoft SQL Server 2000 Dynamic Transact-SQL Statement Disclosure
| [23200] Microsoft SQLServer 2000 Encrypted Stored Procedure Dynamic Query Disclosure
| [21907] Microsoft Office InfoPath 2003 Mshtml.dll Form Handling DoS
| [21598] Microsoft Windows 2000 NetBIOS Port Malformed TCP Packet Parsing Remote DoS
| [20256] Microsoft Windows 2000 NTFS Volume Macintosh Client Directory Permission Modification
| [20222] Microsoft Windows 2000 runas.exe Named Pipe Spoofing Information Disclosure
| [20221] Microsoft Windows 2000 runas.exe Named Pipe Single Thread DoS
| [20220] Microsoft Windows 2000 runas.exe Cleartext Authentication Information Disclosure
| [20002] Microsoft Windows 2000 CHKDSK Fix Mode File ACL Failure
| [20001] Microsoft Windows 2000 Terminal Service Client Connection IP Logging Failure
| [20000] Microsoft Windows 2000 Domain Administrator Computer Lock Bypass
| [19999] Microsoft Windows 2000 FQDN Domain Login Password Expiry Bypass
| [19998] Microsoft Windows 2000 UPN Credentialed Login Group Policy Failure
| [19997] Microsoft Windows 2000 WideCharToMultiByte Function String Termination Issue
| [19996] Microsoft Windows 2000 Event ID 1704 Group Policy Failure
| [19995] Microsoft Windows 2000 SECEDIT Long Folder ACL Set Issue
| [19994] Microsoft Windows 2000 audit directory service access 565 Event Logging Failure
| [19993] Microsoft Windows 2000 LDAPS CA Trust Issue
| [19264] Microsoft Exchange Server 2003 Crafted IMAP4 Folder Listing Request DoS
| [17031] Microsoft ISA Server 2000 SecureNAT Traffic Saturation DoS
| [15343] Microsoft Windows Server 2003 Malformed HTTP Cookie Header CGI DoS
| [15341] Microsoft Windows Server 2003 SMB Redirector Processing DoS
| [15340] Microsoft Windows Server 2003 Terminal Service Client Print DoS
| [15338] Microsoft Windows Server 2003 Terminal Session Close DoS
| [15337] Microsoft Windows Server 2003 CreateProcessWithLogonW() Function Process Disclosure
| [15336] Microsoft Windows Server 2003 Shutdown.exe Shut Down Failure
| [15335] Microsoft Windows Server 2003 MIT Kerberos Realm Authentication Group Policy Failure
| [15334] Microsoft Windows Server 2003 Shared Folder Permission Weakness
| [15333] Microsoft Windows Server 2003 EFS File Copy LDAP Connection DoS
| [15332] Microsoft Windows Server 2003 Citrix Metaframe Encryption Policy Failure
| [15331] Microsoft Windows Server 2003 Home Folder Path Permission Inheritance Failure
| [14617] Microsoft Exchange Server 2003 Folder Handling DoS
| [14430] Microsoft Commerce Server 2000 Profile Service Affected API Overflow
| [13996] Microsoft Windows 2000 IKE Malformed Packet Saturation Remote DoS
| [13762] Microsoft 2000 Domain Controller Directory Service Restore Mode Blank Password
| [13761] Microsoft Exchange 2000 Malformed URL Request DoS
| [13475] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution Variant
| [13474] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution
| [13441] Microsoft Windows 2000 Security Interface Change Password Option Account Enumeration
| [13437] Microsoft Windows 2000 Debug Register Local Privilege Escalation
| [13424] Microsoft Windows 2000 Current Password Change Policy Bypass
| [13423] Microsoft Windows 2000 Terminal Server SYSVOL Share Connection Saturation Restriction Bypass
| [13415] Microsoft Windows 2000 System Root Folder Search Path Permission Weakness
| [13410] Microsoft Windows 2000 Accessibility Utility Manager Arbitrary Code Execution
| [11958] Microsoft Outlook 2003 Image Rendering Security Policy Bypass
| [11945] Microsoft Outlook 2002 IFRAME Tag Embedded URL
| [11944] Microsoft Outlook 2002 HREF Tag Embedded JavaScript Execution
| [11750] Microsoft Windows 2000 Message Queue Manager Queue Registration Request Overflow DoS
| [11712] Microsoft ISA Server 2000 H.323 Filter Overflow
| [10633] Microsoft Windows 2000 Protected Store Weak Encryption Default
| [9386] Microsoft Windows 2000 msinfo32.exe msinfo_file Variable Overflow
| [8243] Microsoft SMS Port 2702 DoS
| [7202] Microsoft PowerPoint 2000 File Loader Overflow
| [7179] Microsoft Windows 2000 Event Viewer Snap-in Overflow
| [6971] Microsoft ISA Server 2000 ICMP Rule Bypass During Startup
| [6970] Microsoft ISA Server 2000 Web Publishing Unencrypted Credentials Disclosure
| [6969] Microsoft ISA Server 2000 Invalid DNS Request DoS
| [6968] Microsoft ISA Server 2000 FTP Port Scan Bounce Weakness
| [6967] Microsoft ISA Server 2000 UDP Packet Winsock DoS
| [6965] Microsoft ISA Server 2000 SSL Packet DoS
| [6964] Microsoft ISA Server 2000 DNS Intrusion Detection Filter DoS
| [6515] Microsoft Windows 2000 Domain Expired Account Authentication
| [5179] Microsoft Windows 2000 microsoft-ds DoS
| [5171] Microsoft Word 2002 Mail Merge Tool Execute Arbitrary Script
| [4779] Microsoft Desktop Engine (MSDE) 2000 Stored Procedure SQL Injection
| [4778] Microsoft SQL Server 2000 Stored Procedure SQL Injection
| [4777] Microsoft Desktop Engine (MSDE) 2000 Database Consistency Checkers (DBCCs) Overflow
| [4776] Microsoft SQL Server 2000 Database Consistency Checkers (DBCCs) 2000 Overflow
| [4170] Microsoft Windows 2000 Server Media Services TCP Packet Handling Remote DoS
| [4168] Microsoft Outlook 2002 mailto URI Script Injection
| [3490] Microsoft Exchange 2003 OWA Mailbox Access Information Disclosure
| [2705] Microsoft Windows 2000 Windows Troubleshooter ActiveX Overflow
| [2655] Microsoft Windows Server 2003 Shell Folders Arbitrary File Access
| [2540] Microsoft Windows 2003 Server Buffer Overflow Protection Mechanism Bypass
| [2244] Microsoft Windows 2000 ShellExecute() API Let
| [2237] Microsoft Windows 2000 Active Directory Lsass.exe Overflow
| [1949] Symantec Norton Anti-Virus for Microsoft Exchange 2000 INBOX Path Information Disclosure
| [1764] Microsoft Windows 2000 Domain Controller DoS
| [1758] Microsoft Windows 2000 Network DDE Escalated Privileges
| [1755] Microsoft Windows 2000 RDP Malformed Packet Handling Remote DoS
| [1672] Microsoft Windows 2000 Telnet Session Timeout DoS
| [1633] Microsoft Windows 2000 System Monitor ActiveX LogFileName Parameter Validation Overflow
| [1621] Microsoft Indexing Services for Windows 2000 .htw XSS
| [1591] Microsoft Windows 2000 OEMPreinstall Installation Permission Weakness
| [1578] Microsoft Windows 2000 Simplified Chinese IME Local Privilege Escalation
| [1500] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow
| [1437] Microsoft Windows 2000 Telnet Server Binary Zero Parsing Remote DoS
| [1399] Microsoft Windows 2000 Windows Station Access
| [1328] Microsoft Office 2000 UA Control ActiveX (Ouactrl.ocx) Show Me Function Remote Code Execution
| [1297] Microsoft Windows 2000 Active Directory Object Attribute
| [1292] Microsoft Windows NT 4.0 / 2000 cmd.exe Buffer Overflow
| [773] Microsoft Windows 2000 Group Policy File Lock DoS
| [515] Microsoft Windows 2000 LDAP Server Arbitrary User Password Modification
| [454] Microsoft Windows 2000 NTLM Domain Account Lockout Policy Bypass
| [403] Microsoft Windows 2000 Still Image Service WM_USER Message Local Overflow
| [398] Microsoft Windows 2000 Malformed RPC Traffic Local Security Policy Corruption DoS
| [307] Microsoft FrontPage 2000 Server Extensions shtml.exe Path Disclosure
| [69085] Microsoft Office 2010 RTF File Handling pFragments Buffer Overflow Arbitrary Code Execution
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows 2016 (89%), FreeBSD 6.X (85%)
OS CPE: cpe:/o:microsoft:windows_server_2016 cpe:/o:freebsd:freebsd:6.2
Aggressive OS guesses: Microsoft Windows Server 2016 (89%), FreeBSD 6.2-RELEASE (85%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 1.803 days (since Wed Oct 16 05:50:37 2019)
Network Distance: 18 hops
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 163.26 ms 10.253.204.1
2 264.40 ms 45.131.4.3
3 264.36 ms 109.236.95.224
4 264.43 ms hu0-1-0-3.ccr21.ams04.atlas.cogentco.com (149.11.38.225)
5 264.46 ms be3434.ccr42.ams03.atlas.cogentco.com (154.54.59.49)
6 264.51 ms be2434.agr21.ams03.atlas.cogentco.com (130.117.2.241)
7 264.49 ms ntt.ams03.atlas.cogentco.com (130.117.15.130)
8 264.55 ms ae-10.r24.amstnl02.nl.bb.gin.ntt.net (129.250.3.44)
9 264.60 ms ae-13.r02.mlanit01.it.bb.gin.ntt.net (129.250.3.179)
10 ... 14
15 401.68 ms 195.175.13.102.static.turktelekom.com.tr (195.175.13.102)
16 259.85 ms 195.175.13.102.static.turktelekom.com.tr (195.175.13.102)
17 ...
18 401.68 ms 212.175.8.35

NSE: Script Post-scanning.
Initiating NSE at 01:06
Completed NSE at 01:06, 0.00s elapsed
Initiating NSE at 01:06
Completed NSE at 01:06, 0.00s elapsed
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-18 01:10 EDT
NSE: Loaded 163 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 01:10
Completed NSE at 01:10, 0.00s elapsed
Initiating NSE at 01:10
Completed NSE at 01:10, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 01:10
Completed Parallel DNS resolution of 1 host. at 01:10, 2.14s elapsed
Initiating SYN Stealth Scan at 01:10
Scanning 212.175.8.35 [1 port]
Completed SYN Stealth Scan at 01:10, 2.04s elapsed (1 total ports)
Initiating Service scan at 01:10
Initiating OS detection (try #1) against 212.175.8.35
Retrying OS detection (try #2) against 212.175.8.35
Initiating Traceroute at 01:10
Completed Traceroute at 01:10, 6.31s elapsed
Initiating Parallel DNS resolution of 15 hosts. at 01:10
Completed Parallel DNS resolution of 15 hosts. at 01:10, 0.36s elapsed
NSE: Script scanning 212.175.8.35.
Initiating NSE at 01:10
Completed NSE at 01:10, 0.01s elapsed
Initiating NSE at 01:10
Completed NSE at 01:10, 0.00s elapsed
Nmap scan report for 212.175.8.35
Host is up.

PORT STATE SERVICE VERSION
443/tcp filtered https
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 287.07 ms 10.253.204.1
2 287.14 ms 45.131.4.2
3 287.14 ms 109.236.95.224
4 287.18 ms hu0-4-0-0.ccr21.ams04.atlas.cogentco.com (149.11.39.41)
5 287.21 ms be3457.ccr41.ams03.atlas.cogentco.com (130.117.1.9)
6 287.29 ms be2434.agr21.ams03.atlas.cogentco.com (130.117.2.241)
7 287.26 ms ntt.ams03.atlas.cogentco.com (130.117.15.130)
8 287.30 ms ae-10.r24.amstnl02.nl.bb.gin.ntt.net (129.250.3.44)
9 287.36 ms ae-13.r02.mlanit01.it.bb.gin.ntt.net (129.250.3.179)
10 287.41 ms 81.25.202.150
11 292.75 ms 35-izmir-xrs-t2-2---306-mil-col-1.statik.turktelekom.com.tr (212.156.141.215)
12 292.64 ms 81.212.212.243.static.turktelekom.com.tr (81.212.212.243)
13 292.65 ms 06-ulus-xrs-t2-1---35-hatay-t2-2.statik.turktelekom.com.tr (212.156.121.83)
14 292.66 ms 81.212.215.188.static.turktelekom.com.tr (81.212.215.188)
15 292.68 ms 195.175.13.102.static.turktelekom.com.tr (195.175.13.102)
16 ... 30

NSE: Script Post-scanning.
Initiating NSE at 01:10
Completed NSE at 01:10, 0.00s elapsed
Initiating NSE at 01:10
Completed NSE at 01:10, 0.00s elapsed
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-18 01:13 EDT
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 01:13
Completed NSE at 01:13, 0.00s elapsed
Initiating NSE at 01:13
Completed NSE at 01:13, 0.00s elapsed
Initiating Ping Scan at 01:13
Scanning 212.175.8.35 [4 ports]
Completed Ping Scan at 01:13, 0.28s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 01:13
Completed Parallel DNS resolution of 1 host. at 01:13, 2.13s elapsed
Initiating SYN Stealth Scan at 01:13
Scanning 212.175.8.35 [65535 ports]
Discovered open port 80/tcp on 212.175.8.35
Discovered open port 443/tcp on 212.175.8.35
SYN Stealth Scan Timing: About 4.28% done; ETC: 01:25 (0:11:32 remaining)
SYN Stealth Scan Timing: About 12.24% done; ETC: 01:21 (0:07:17 remaining)
SYN Stealth Scan Timing: About 20.84% done; ETC: 01:20 (0:05:46 remaining)
SYN Stealth Scan Timing: About 31.99% done; ETC: 01:19 (0:04:17 remaining)
SYN Stealth Scan Timing: About 41.46% done; ETC: 01:19 (0:03:33 remaining)
SYN Stealth Scan Timing: About 51.10% done; ETC: 01:19 (0:02:53 remaining)
SYN Stealth Scan Timing: About 63.69% done; ETC: 01:19 (0:02:00 remaining)
SYN Stealth Scan Timing: About 76.25% done; ETC: 01:18 (0:01:15 remaining)
Completed SYN Stealth Scan at 01:18, 290.18s elapsed (65535 total ports)
Initiating Service scan at 01:18
Scanning 2 services on 212.175.8.35
Completed Service scan at 01:18, 14.29s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against 212.175.8.35
Retrying OS detection (try #2) against 212.175.8.35
Initiating Traceroute at 01:18
Completed Traceroute at 01:18, 0.28s elapsed
Initiating Parallel DNS resolution of 2 hosts. at 01:18
Completed Parallel DNS resolution of 2 hosts. at 01:18, 1.86s elapsed
NSE: Script scanning 212.175.8.35.
Initiating NSE at 01:18
Completed NSE at 01:19, 16.71s elapsed
Initiating NSE at 01:19
Completed NSE at 01:19, 2.45s elapsed
Nmap scan report for 212.175.8.35
Host is up (0.27s latency).
Not shown: 65530 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
| vulscan: VulDB - https://vuldb.com:
6492| [4480] Microsoft Excel 2003 memory corruption
6493| [4478] Microsoft Windows Server 2003/XP OLE Objects Memory Management memory corruption
6494| [4477] Microsoft PowerPoint 2007 SP2/2008 OfficeArt Use-After-Free memory corruption
6495| [4474] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Active Directory Query memory corruption
6496| [4473] Microsoft PowerPoint 2007 SP2/2010 DLL-Loader memory corruption
6497| [4471] Microsoft Office 2003/2007 Publisher Out-of-Bounds memory corruption
6498| [4470] Microsoft Office 2003 SP3 memory corruption
6499| [4453] Microsoft Excel 2003 Record Parser memory corruption
6500| [4446] Microsoft Office 2007/2008 OfficeArt Record Parser memory corruption
6501| [4445] Microsoft Office 2007/2010/2011 Word Document Parser memory corruption
6502| [4438] Microsoft Windows 7/Server 2008/Vista TCP/IP Reference Counter denial of service
6503| [5358] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP TrueType Font Handling memory corruption
6504| [59005] Microsoft Host Integration Server 2004 denial of service
6505| [58492] Microsoft SharePoint Server 2007 Spreadsheet memory corruption
6506| [58491] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
6507| [58490] Microsoft Office Compatibility Pack 2007 Spreadsheet memory corruption
6508| [58489] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
6509| [58488] Microsoft Office 2007/2010 memory corruption
6510| [4412] Microsoft Office 2003/2007 Library Loader unknown vulnerability
6511| [4411] Microsoft Excel 2003 memory corruption
6512| [4409] Microsoft Windows Server 2003/Server 2008 WINS unknown vulnerability
6513| [58240] Microsoft Visio 2003/2007 memory corruption
6514| [58237] Microsoft Visio 2003/2007/2010 memory corruption
6515| [4396] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
6516| [4393] Microsoft Windows Server 2008 DNS Service memory corruption
6517| [4391] Microsoft .NET Framework 2.0 SP2/3.5.1/4 Socket Restriction privilege escalation
6518| [4390] Microsoft Windows Server 2008 Remote Desktop Web Access cross site scripting
6519| [4388] Microsoft Windows 7/Server 2008/Vista File Metadata Parser denial of service
6520| [57691] Microsoft SQL Server 2008 Web Service information disclosure
6521| [57690] Microsoft Excel 2002/2003 Spreadsheet memory corruption
6522| [57689] Microsoft Excel 2002 Spreadsheet memory corruption
6523| [57688] Microsoft Excel 2002 Spreadsheet memory corruption
6524| [57687] Microsoft Excel 2002/2003/2007 Spreadsheet memory corruption
6525| [57686] Microsoft Excel 2002 Spreadsheet memory corruption
6526| [57685] Microsoft Excel 2002/2003/2007 Array Access memory corruption
6527| [57684] Microsoft Excel 2002/2003/2007/2010 Spreadsheet memory corruption
6528| [4369] Microsoft Excel 2002/2003/2007 memory corruption
6529| [4367] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
6530| [4362] Microsoft Windows 7/Server 2008/Vista denial of service
6531| [57420] Microsoft PowerPoint 2002/2003 memory corruption
6532| [4349] Microsoft Office 2004/2007/2008 Presentation File Parser memory corruption
6533| [4348] Microsoft PowerPoint 2002/2003/2007 memory corruption
6534| [57077] Microsoft Excel 2002 Uninitialized Memory memory corruption
6535| [57078] Microsoft Office 2003/2007/Xp docx unknown vulnerability
6536| [57079] Microsoft PowerPoint 2002/2003/2007/2010 memory corruption
6537| [57076] Microsoft Excel 2002/2003 memory corruption
6538| [57075] Microsoft Excel 2002/2003 memory corruption
6539| [57074] Microsoft Excel 2002 memory corruption
6540| [57073] Microsoft Excel 2002/2003/2007/2010 memory corruption
6541| [4334] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 JIT Compiler memory corruption
6542| [4332] Microsoft PowerPoint 2007/2010 memory corruption
6543| [4301] Microsoft Windows Server 2003 SMB Browser Heap-based denial of service
6544| [56475] Microsoft Office 2004/2008 memory corruption
6545| [56414] Microsoft Visio 2002/2003/2007 ELEMENTS.DLL memory corruption
6546| [56413] Microsoft Visio 2002/2003/2007 Exception ORMELEMS.DLL memory corruption
6547| [4298] Microsoft Windows 7/Server 2008 JScript/VBScript Engine information disclosure
6548| [4297] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Compact Font Format Driver privilege escalation
6549| [4296] Microsoft Windows Server 2003/XP LSASS Authentication Request unknown vulnerability
6550| [4295] Microsoft Windows 7/Server 2008 Kerberos weak authentication
6551| [4294] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys unknown vulnerability
6552| [4293] Microsoft Windows Server 2003/XP Kerberos CRC32 Checksum privilege escalation
6553| [4292] Microsoft Windows Server 2003/XP CSRSS Logoff privilege escalation
6554| [4289] Microsoft Excel 2007 Shape Data Parser memory corruption
6555| [4286] Microsoft PowerPoint 2002 SP3/2003 SP3/2004/2007 SP2/2008 OfficeArt Container Parser memory corruption
6556| [4279] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP MHTML cross site scripting
6557| [56176] Microsoft Windows 7/Server 2003/XP fxscover.exe CDrawPoly::Serialize memory corruption
6558| [55772] Microsoft Publisher 2002 pubconv.dll memory corruption
6559| [55771] Microsoft Publisher 2002/2003/2010 memory corruption
6560| [55765] Microsoft Office 2003/Xp Integer memory corruption
6561| [55764] Microsoft Office 2003/Xp memory corruption
6562| [55750] Microsoft Publisher 2002/2003 pubconv.dll memory corruption
6563| [55749] Microsoft Publisher 2002/2003/2007/2010 pubconv.dll memory corruption
6564| [55748] Microsoft Publisher 2002/2003/2007 pubconv.dll memory corruption
6565| [4230] Microsoft Exchange 2007 on 64-bit RPC store.exe MAPI Request denial of service
6566| [4229] Microsoft SharePoint 2007 Document Conversion Launcher Service Eingabeungültigkeit
6567| [4228] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
6568| [4224] Microsoft Windows 7/Server 2008/Vista Consent User Interface privilege escalation
6569| [4231] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys GreEnableEUDC denial of service
6570| [55420] Microsoft Office 2007/2010 memory corruption
6571| [55419] Microsoft Office 2004/2008/2011/Xp memory corruption
6572| [55412] Microsoft PowerPoint Viewer 2007 memory corruption
6573| [55411] Microsoft PowerPoint 2002/2003 memory corruption
6574| [4204] Microsoft Windows Server 2008 Color Control Panel Eingabeungültigkeit
6575| [54995] Microsoft Office 2004/2008 memory corruption
6576| [54994] Microsoft Office 2004/2008 Out-of-Bounds memory corruption
6577| [54993] Microsoft Office Compatibility Pack 2007 memory corruption
6578| [54992] Microsoft Excel 2002 memory corruption
6579| [54991] Microsoft Office 2004 Future memory corruption
6580| [54990] Microsoft Office 2004 memory corruption
6581| [54989] Microsoft Office 2004/2008 memory corruption
6582| [54988] Microsoft Excel 2002 memory corruption
6583| [54987] Microsoft Excel 2002 memory corruption
6584| [54986] Microsoft Excel 2002/2003 memory corruption
6585| [54985] Microsoft Office Compatibility Pack 2003/2004/2007/2008 memory corruption
6586| [54984] Microsoft Office 2004/2008 memory corruption
6587| [54983] Microsoft Excel 2002 Integer memory corruption
6588| [54980] Microsoft Word 2002/2003 memory corruption
6589| [54979] Microsoft Word 2002 memory corruption
6590| [54978] Microsoft Word 2002 memory corruption
6591| [54977] Microsoft Word 2002 Heap-based memory corruption
6592| [54976] Microsoft Word 2002 memory corruption
6593| [54975] Microsoft Word 2002 memory corruption
6594| [54974] Microsoft Word 2002 memory corruption
6595| [54973] Microsoft Word 2002 memory corruption
6596| [54972] Microsoft Word 2002 memory corruption
6597| [54971] Microsoft Word 2002 memory corruption
6598| [4197] Microsoft SharePoint 2007/3.0 cross site scripting
6599| [4196] Microsoft Word 2002/2003/2007/2010 Stack-based memory corruption
6600| [4194] Microsoft Windows 7/Server 2008/Vista SChannel Client Certificate Request denial of service
6601| [54774] Microsoft Word 2003 word_crash_11.8326.8324_poc.doc denial of service
6602| [54757] Microsoft SharePoint Server 2007 HTML Sanitization SafeHTML cross site scripting
6603| [4186] Microsoft Outlook 2002/2003/2007 Content Parser Heap-based memory corruption
6604| [54584] Microsoft Visual C++ 2005 AtlTraceTool8.exe unknown vulnerability
6605| [54554] Microsoft Groove 2007 mso.dll memory corruption
6606| [4187] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack Ipv4SetEchoRequestCreate denial of service
6607| [54322] Microsoft Word 2002/2003 memory corruption
6608| [54321] Microsoft Office Compatibility Pack 2007 memory corruption
6609| [54320] Microsoft Office Compatibility Pack 2007 memory corruption
6610| [54319] Microsoft Office Compatibility Pack 2007 memory corruption
6611| [54318] Microsoft .NET Framework 2.0 SP1/2.0 SP2/3.5/3.5 SP1/3.5.1 Interfaces memory corruption
6612| [4165] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
6613| [4162] Microsoft Windows 7/Server 2008/Vista Kernel memory corruption
6614| [4159] Microsoft Excel 2002/2003 SXDB PivotTable Cache Data Record memory corruption
6615| [4149] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Shell Shortcut Parser memory corruption
6616| [54083] Microsoft Access 2003 ActiveX Control ACCWIZ.dll memory corruption
6617| [4146] Microsoft Outlook 2002/2003/2007 SMB Attachment PR_ATTACH_METHOD memory corruption
6618| [4145] Microsoft Access 2003/2007 ActiveX ACCWIZ.dll memory corruption
6619| [54617] Microsoft Outlook Web Access up to 2007 cross site request forgery
6620| [4151] Microsoft Windows Server 2008/Vista NtUserCheckAccessForIntegrityLevel memory corruption
6621| [53591] Microsoft Windows Server 2003 GetServerName cross site scripting
6622| [53505] Microsoft Excel 2002/2007 memory corruption
6623| [53501] Microsoft Excel 2002 memory corruption
6624| [53500] Microsoft Excel 2002 memory corruption
6625| [53499] Microsoft Excel 2002 memory corruption
6626| [53495] Microsoft Excel 2002/2003/2007 memory corruption
6627| [53494] Microsoft Excel 2002 Stack-based memory corruption
6628| [53504] Microsoft Excel 2002 memory corruption
6629| [53503] Microsoft Excel 2002 Stack-Based memory corruption
6630| [53502] Microsoft Excel 2002 Heap-based memory corruption
6631| [53498] Microsoft Excel 2002 Stack-based memory corruption
6632| [53497] Microsoft Excel 2002 memory corruption
6633| [53496] Microsoft Excel 2002 memory corruption
6634| [53493] Microsoft Excel 2002/2003/2007 memory corruption
6635| [4133] Microsoft Office 2003/2007/Xp COM Object Instantiator memory corruption
6636| [53366] Microsoft ASP.NET 2.0 cross site scripting
6637| [53385] Microsoft Exchange Server 2007 Outlook Web Access cross site scripting
6638| [53164] Microsoft Office 2003/2007/Xp ActiveX Control VBE6.DLL memory corruption
6639| [53054] Microsoft VISIO 2002/2003/2007 VISIODWG.DLL memory corruption
6640| [4125] Microsoft SharePoint 2007/3.0 help.aspx cross site scripting
6641| [52777] Microsoft Publisher 2002/2003/2007 memory corruption
6642| [52773] Microsoft Visio 2002/2003/2007 memory corruption
6643| [52772] Microsoft Visio 2002/2003/2007 memory corruption
6644| [4107] Microsoft Windows 7/Server 2008 Kernel denial of service
6645| [4103] Microsoft Windows Server 2003 Media Services Stack-based memory corruption
6646| [52543] Microsoft Virtual PC 2007 unknown vulnerability
6647| [52148] Microsoft Office 2004/2007/2008 Uninitialized Memory memory corruption
6648| [52147] Microsoft Office 2004/2007/2008 Spreadsheet Uninitialized Memory memory corruption
6649| [52146] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
6650| [52145] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
6651| [52144] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
6652| [52143] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
6653| [4090] Microsoft Excel 2002/2003/2007 memory corruption
6654| [52036] Microsoft Windows 2000 MsgBox memory corruption
6655| [51995] Microsoft SharePoint Server up to 2006 cross site scripting
6656| [51810] Microsoft Office 2004/Xp MSO.DLL memory corruption
6657| [51802] Microsoft PowerPoint 2003 Stack-based memory corruption
6658| [51801] Microsoft PowerPoint 2003 Stack-based memory corruption
6659| [51800] Microsoft PowerPoint 2002/2003 Use-After-Free memory corruption
6660| [51799] Microsoft PowerPoint 2002/2003 memory corruption
6661| [51798] Microsoft PowerPoint 2002/2003 Heap-based memory corruption
6662| [4082] Microsoft PowerPoint 2002 SP3 memory corruption
6663| [54550] Microsoft PowerPoint 2007 rpawinet.dll memory corruption
6664| [54556] Microsoft Visio 2003 mfc71enu.dll unknown vulnerability
6665| [51497] Microsoft Windows Live Messenger 2009 ActiveX Control msnmsgr.exe denial of service
6666| [51133] Microsoft Windows 2000 SP4/Server 2003 SP2/SP3/XP SP2 memory corruption
6667| [51074] Microsoft Office 2002/2003 Integer memory corruption
6668| [4069] Microsoft Project 2003/2007 Project Memory Validator memory corruption
6669| [50794] Microsoft Office 2004/2008 Spreadsheet memory corruption
6670| [50793] Microsoft Office 2004/2008 Spreadsheet memory corruption
6671| [50792] Microsoft Office 2004/2008 Spreadsheet memory corruption
6672| [50791] Microsoft Office 2004/2008 Spreadsheet memory corruption
6673| [50790] Microsoft Office 2004/2008 Spreadsheet Heap-based memory corruption
6674| [50788] Microsoft Office 2004/2008 Spreadsheet memory corruption
6675| [50787] Microsoft Office 2004/2008 Spreadsheet memory corruption
6676| [50786] Microsoft Windows 2000 llssrv.exe memory corruption
6677| [50789] Microsoft Office 2004/2008 Spreadsheet memory corruption
6678| [4056] Microsoft Word 2002/2003 File Information Block Parser Stack-based memory corruption
6679| [50660] Microsoft SharePoint Server 2007 unknown vulnerability
6680| [50443] Microsoft PowerPoint 2007 Integer memory corruption
6681| [50432] Microsoft .NET Framework 2.0/2.0 SP1/2.0 SP2/3.5/3.5 SP1 memory corruption
6682| [49866] Microsoft Windows Server 2003 memory corruption
6683| [4031] Microsoft Windows Server 2008/Vista SMB Processor EducatedScholar memory corruption
6684| [4030] Microsoft Windows Server 2008/Vista Wireless LAN AutoConfig Service Heap-based memory corruption
6685| [4029] Microsoft Windows 2000/XP TCP/IP Window Size denial of service
6686| [49745] Microsoft Windows Server 2003 denial of service
6687| [49395] Microsoft Office 2000/2003/XP Office Web Components Heap-based memory corruption
6688| [49394] Microsoft Windows Server 2003 memory corruption
6689| [49389] Microsoft Office 2000/2003/XP Office Web Components memory corruption
6690| [49390] Microsoft Office 2000/2003/XP Office Web Components memory corruption
6691| [49198] Microsoft Visual Studio 2005 information disclosure
6692| [49047] Microsoft Virtual Server 2005 privilege escalation
6693| [49046] Microsoft Windows Server 2003 quartz.dll memory corruption
6694| [49045] Microsoft Windows Server 2003 quartz.dll memory corruption
6695| [49044] Microsoft ISA Server 2006 privilege escalation
6696| [3999] Microsoft Office 2007 Pointer memory corruption
6697| [4000] Microsoft Office 2003/Sp3/Xp Web Components memory corruption
6698| [48894] Microsoft Windows Server 2003 msvidctl.dll memory corruption
6699| [48572] Microsoft PowerPoint 2002 FL21WIN.DLL memory corruption
6700| [48517] Microsoft Windows 2000 Memory Leak memory corruption
6701| [48516] Microsoft Windows Server 2008 unknown vulnerability
6702| [48512] Microsoft Windows Server 2008 unknown vulnerability
6703| [48515] Microsoft Office Word Viewer 2003 memory corruption
6704| [48514] Microsoft Office Word Viewer 2003 Stack-based memory corruption
6705| [48554] Microsoft Excel 2000/2003/2007 memory corruption
6706| [48157] Microsoft PowerPoint 2002 Sound memory corruption
6707| [48156] Microsoft PowerPoint 2000 Stack-based memory corruption
6708| [48154] Microsoft PowerPoint 2002 Sound PP7X32.DLL memory corruption
6709| [48152] Microsoft PowerPoint 2002 PP4X32.DLL memory corruption
6710| [48150] Microsoft PowerPoint 2002 Sound memory corruption
6711| [48147] Microsoft PowerPoint 2002 Sound memory corruption
6712| [48146] Microsoft PowerPoint 2002 Integer memory corruption
6713| [48155] Microsoft PowerPoint 2002 Notes Container Heap-based memory corruption
6714| [48153] Microsoft PowerPoint 2002 Sound memory corruption
6715| [48151] Microsoft PowerPoint 2002 Stack-based memory corruption
6716| [48149] Microsoft PowerPoint 2002 memory corruption
6717| [48148] Microsoft PowerPoint 2002 Sound memory corruption
6718| [3974] Microsoft PowerPoint 2000/2002/2003 Sound Data Stack-based memory corruption
6719| [3973] Microsoft PowerPoint 2000/2002/2003 Notes Container Stack-based memory corruption
6720| [3972] Microsoft PowerPoint 2000/2002/2003 BuildList memory corruption
6721| [3971] Microsoft PowerPoint 2000/2002/2003 Object Stack-based memory corruption
6722| [3970] Microsoft PowerPoint 2000/2002/2003 Paragraph Stack-based memory corruption
6723| [3969] Microsoft PowerPoint 2000/2002/2003 Atom Stack-based memory corruption
6724| [47719] Microsoft Windows 2000 Stack-based memory corruption
6725| [47720] Microsoft Internet Security And Acceleration Server 2006 Forms Authentication cookieauth.dll cross site scripting
6726| [47716] Microsoft Office Converter Pack 2003 WPFT632.CNV memory corruption
6727| [47715] Microsoft Windows 2000 Wordpad memory corruption
6728| [47718] Microsoft Excel 2000/2002/2003/2007 Spreadsheet memory corruption
6729| [3960] Microsoft Windows 2000/Server 2003/XP DirectShow MJPEG memory corruption
6730| [3952] Microsoft ISA Server 2004/2006 denial of service
6731| [3946] Microsoft PowerPoint 2000/2002/2003/2004 memory corruption
6732| [47091] Microsoft Windows Server 2008 unknown vulnerability
6733| [47090] Microsoft Windows Server 2008 unknown vulnerability
6734| [3939] Microsoft Windows 2000 DNS spoofing
6735| [3938] Microsoft Windows 2000 SSL weak authentication
6736| [3937] Microsoft Windows 2000 memory corruption
6737| [3932] Microsoft Excel 2000/2002/2003/2004/2007 Object Reference memory corruption
6738| [46620] Microsoft Windows Live Messenger 2009 msnmsgr.exe denial of service
6739| [46455] Microsoft Exchange Server 2007 denial of service
6740| [46454] Microsoft Exchange Server 2007 memory corruption
6741| [46453] Microsoft Visio 2002/2003/2007 memory corruption
6742| [46452] Microsoft Visio 2002/2003/2007 memory corruption
6743| [46451] Microsoft Visio 2002/2003/2007 memory corruption
6744| [46327] Microsoft Word 2007 information disclosure
6745| [45758] Microsoft Money 2006 ActiveX Control prtstb06.dll denial of service
6746| [45381] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
6747| [45380] Microsoft Windows Server 2008/Vista SP1 Search memory corruption
6748| [45379] Microsoft Office SharePoint Server 2007 denial of service
6749| [3896] Microsoft SQL Server up to 2005 sp_replwritetovarbin memory corruption
6750| [3892] Microsoft Excel 2000/2002/2003 Formula memory corruption
6751| [3891] Microsoft Excel 2000/2002/2003 memory corruption
6752| [3890] Microsoft Excel 2000/2002/2003 NAME Index memory corruption
6753| [3889] Microsoft Word 2000/2002/2003/2007 Table Property Stack-based memory corruption
6754| [3888] Microsoft Word 2000/2002/2003/2007 RTF Stylesheet memory corruption
6755| [3887] Microsoft Word 2000/2002/2003/2007 memory corruption
6756| [3886] Microsoft Word 2000/2002/2003/2007 ControlWord Heap-based memory corruption
6757| [3885] Microsoft Word 2000/2002/2003/2007 memory corruption
6758| [3884] Microsoft Word 2000/2002/2003/2007 memory corruption
6759| [3883] Microsoft Word 2000/2002/2003/2007 RTF Heap-based memory corruption
6760| [3882] Microsoft Word 2000/2002/2003/2007 LFO memory corruption
6761| [3880] Microsoft Visual Basic up to 2003 ActiveX Control Mschrt20.ocx memory corruption
6762| [3879] Microsoft Visual Basic up to 2003 ActiveX Control mscomct2.ocx memory corruption
6763| [3878] Microsoft Visual Basic up to 2003 ActiveX Control mshflxgd.ocx memory corruption
6764| [3877] Microsoft Visual Basic up to 2003 ActiveX Control msflxgrd.ocx memory corruption
6765| [3876] Microsoft Visual Basic up to 2003 ActiveX Control msdatgrd.ocx memory corruption
6766| [45197] Microsoft Windows 2000 nskey.dll memory corruption
6767| [45063] Microsoft Windows Server 2003 Active Directory unknown vulnerability
6768| [45040] Microsoft .NET Framework 2.0.50727 Code Access Security unknown vulnerability
6769| [44855] DjVu Activex Control For Microsoft Office 2000 3.0 ActiveX Control DjVu_ActiveX_MSOffice.dll memory corruption
6770| [44665] Microsoft Peachtree Accounting 2004 ActiveX Control PAWWeb11.ocx unknown vulnerability
6771| [44589] Microsoft Exchange Server 2003 Outlook Web Access unknown vulnerability
6772| [3845] Microsoft Windows 2000 SP4 Active Directory memory corruption
6773| [44533] Microsoft Windows 2000 mqsvc.exe memory corruption
6774| [3844] Microsoft Excel 2003 REPT memory corruption
6775| [3843] Microsoft Excel up to 2007 BIFF File Heap-based memory corruption
6776| [3842] Microsoft Excel 2003 VBA Performance Cache Stack-based memory corruption
6777| [44405] Microsoft Digital Image 2006 ActiveX Control PipPPush.DLL unknown vulnerability
6778| [44047] Microsoft SQL Server 2000 ActiveX Control SQLVDIRLib.SQLVDirControl memory corruption
6779| [43981] Microsoft Organization Chart 2.00 orgchart.exe memory corruption
6780| [43957] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
6781| [43956] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
6782| [43955] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
6783| [43952] Microsoft Office 2003/2007/Xp URI memory corruption
6784| [43676] Microsoft Windows 2000/Server 2003/Vista/XP memory corruption
6785| [43675] Microsoft Windows 2000/Server 2003/Vista/XP of memory corruption
6786| [43662] Microsoft PowerPoint Viewer 2000 SP3/2002 SP3/2003 SP2/2007 SP1 memory corruption
6787| [43661] Microsoft PowerPoint Viewer 2003 memory corruption
6788| [43660] Microsoft PowerPoint Viewer 2003 Integer memory corruption
6789| [43657] Microsoft Office 2000/2003/Xp memory corruption
6790| [43654] Microsoft SharePoint Server 2007 memory corruption
6791| [43653] Microsoft Office 2000/2002/2004/2008 memory corruption
6792| [43652] Microsoft Office 2000/2002/2003/2004/2008 memory corruption
6793| [3797] Microsoft Windows Server 2008/Vista IPsec Policy Designfehler
6794| [3796] Microsoft Office 2000 WPG memory corruption
6795| [3795] Microsoft Office 2000/2003/Xp BMP Image BMPIMP32.FLT memory corruption
6796| [3794] Microsoft Office 2000/2003/Xp PICT bits_per_pixel memory corruption
6797| [3793] Microsoft Office 2000/2003/Xp PICT memory corruption
6798| [3792] Microsoft Office 2000 EPS File memory corruption
6799| [3783] Microsoft Word 2002 memory corruption
6800| [43103] Microsoft Exchange Srv 2007 Sp1 Outlook Web Access cross site scripting
6801| [43102] Microsoft Windows 2000 SP4/Server 2003 SP2/Server 2008 DNS Cache privilege escalation
6802| [3778] Microsoft Exchange 2003/2007 Outlook Web Access cross site scripting
6803| [3777] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
6804| [43087] Microsoft Office Snapshot Viewer ActiveX up to Office 2003 Snapshot Viewer ActiveX Control snapview.ocx memory corruption
6805| [43096] Microsoft Publisher 2003/2007 Crypto API unknown vulnerability
6806| [42816] Microsoft Word 2000/2003 memory corruption
6807| [42732] Microsoft Windows Server 2003/Vista/XP denial of service
6808| [42731] Microsoft Windows Server 2003 denial of service
6809| [3732] Microsoft Windows 2000/Server 2003 WINS memory corruption
6810| [3701] Microsoft Word 2003 CSS Heap-based memory corruption
6811| [3700] Microsoft Word 2003 RTF Document Heap-based memory corruption
6812| [42065] Microsoft SharePoint Server 2.0 Rich Text Editor cross site scripting
6813| [41881] Microsoft Office 2003/2007/2007 Sp1/Xp memory corruption
6814| [41880] Microsoft Project 2000/2002/2003 memory corruption
6815| [41879] Microsoft Windows 2000/Server 2003/Vista Stack-based memory corruption
6816| [41878] Microsoft Windows 2000/Server 2003/Vista spoofing
6817| [41877] Microsoft Windows Server 2003 vbscript.dll memory corruption
6818| [3671] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 memory corruption
6819| [3670] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 Object memory corruption
6820| [41455] Microsoft Office 2000/2003/2004/Xp memory corruption
6821| [41454] Microsoft Excel 2000/2002/2003/2007 memory corruption
6822| [41453] Microsoft Excel 2000/2002/2003 memory corruption
6823| [41452] Microsoft Excel 2000/2002/2003/2007 memory corruption
6824| [41451] Microsoft Excel 2000/2002/2003 memory corruption
6825| [41450] Microsoft Excel 2000 memory corruption
6826| [41449] Microsoft Excel 2000/2002/2003 memory corruption
6827| [41448] Microsoft Office 2000/Xp Office Web Components memory corruption
6828| [3648] Microsoft Excel 2003 memory corruption
6829| [3647] Microsoft Outlook up to 2007 mailto URI memory corruption
6830| [41003] Microsoft Office 2000/2003/2004/Xp memory corruption
6831| [41002] Microsoft Office 2000/2003/Xp memory corruption
6832| [41001] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
6833| [41000] Microsoft Works 2005/8.0 memory corruption
6834| [40998] Microsoft Publisher 2000/2002/2003 memory corruption
6835| [40994] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
6836| [40987] Microsoft Windows 2000 denial of service
6837| [40736] Microsoft ActiveX 2.0 ActiveX Control privilege escalation
6838| [3552] Microsoft Excel 2000/2002/2003 File memory corruption
6839| [40242] Microsoft Publisher 2000/2002/2003/2007 Crash denial of service
6840| [40020] Microsoft Office 2007 ZIP Container unknown vulnerability
6841| [39769] Microsoft Windows 2000 cryptgenrandom weak encryption
6842| [39749] Microsoft Windows 2000 msjet40.dll memory corruption
6843| [39655] Microsoft Windows Server 2003 spoofing
6844| [39324] Microsoft Windows Mobile 2005 SMS unknown vulnerability
6845| [3373] Microsoft Word 2000/2002 memory corruption
6846| [38999] Microsoft Windows Server 2003 explorer.exe denial of service
6847| [38899] Microsoft ISA Server 2004 information disclosure
6848| [38728] Microsoft SQL Server 2005 Enterprise Manager sqldmo.dll memory corruption
6849| [38326] Microsoft Windows 2000 attemptwrite memory corruption
6850| [3241] Microsoft Excel 2000/2003/2004/XP SP3 rtWnDesk memory corruption
6851| [3223] Microsoft Windows Server 2003/XP URI privilege escalation
6852| [3212] Microsoft DirectX February 2006 RLE Compression Targa Files Heap-based memory corruption
6853| [37739] Microsoft Excel 2000/2002/2003/2004/2007 memory corruption
6854| [37738] Microsoft Office 2002/2003 memory corruption
6855| [3176] Microsoft Excel 2000/2002/2003/2007 File Attribute memory corruption
6856| [3175] Microsoft Excel 2000/2002/2003/2007 Active Worksheet memory corruption
6857| [3174] Microsoft Excel 2000/2002/2003/2007 Version Information memory corruption
6858| [3172] Microsoft Office Publisher 2007 Pointer memory corruption
6859| [37566] Microsoft Excel 2003 unknown vulnerability
6860| [37526] Microsoft Windows 2000/Server 2003 denial of service
6861| [37248] Microsoft Visio 2002 Packaging memory corruption
6862| [37251] Microsoft Windows 2000 memory corruption
6863| [3119] Microsoft Visio 2002 Object memory corruption
6864| [3118] Microsoft Visio 2002 Data memory corruption
6865| [37093] Microsoft Windows Server 2003 Error Message unknown vulnerability
6866| [37010] Microsoft Office 2000 ActiveX Control ouactrl.ocx memory corruption
6867| [36628] Microsoft Word 2000/2002/2003/2004 winword.exe memory corruption
6868| [36616] Microsoft Works 2004/2005/2006 memory corruption
6869| [36621] Microsoft Exchange Server 2000 Integer denial of service
6870| [36620] Microsoft Exchange Server 2000 Outlook Web Access cross site scripting
6871| [36619] Microsoft Exchange Server 2000/2003/2007 MIME Email memory corruption
6872| [36618] Microsoft Exchange Server 2000 NULL Pointer Dereference denial of service
6873| [36617] Microsoft Excel 2000/2002/2003/2004 memory corruption
6874| [36623] Microsoft BizTalk Server 2004 ActiveX Control capicom.dll memory corruption
6875| [3067] Microsoft Office 2000/2003/2004/2007/Xp Drawing Object memory corruption
6876| [3065] Microsoft Excel 2000/2002/2003/2007 Filter Stack-based memory corruption
6877| [3064] Microsoft Excel 2000/2002/2003/2004/2007 set Font memory corruption
6878| [3063] Microsoft Excel 2000/2002/2003/2007 BIFF Record Stack-based memory corruption
6879| [3012] Microsoft Windows 2000/Server 2003 DNS Service Stack-based memory corruption
6880| [36039] Microsoft Content Management Server 2001 memory corruption
6881| [36052] Microsoft Windows 2000 Heap-based memory corruption
6882| [36051] Microsoft Word 2007 file798-1.doc memory corruption
6883| [36050] Microsoft Word 2007 file789-1.doc memory corruption
6884| [36040] Microsoft Content Management Server 2001 cross site scripting
6885| [3004] Microsoft Windows up to 2003/XP URL Parser memory corruption
6886| [36041] Microsoft .NET Framework 2.0.50727.42 cross site scripting
6887| [36002] Microsoft Windows 2000/XP denial of service
6888| [2990] Microsoft Windows 2000/Vista/XP Animated Cursor Stack-based memory corruption
6889| [36515] Microsoft Windows 2000/Server 2003/XP memory corruption
6890| [35846] Microsoft Windows 2000/Server 2003 Default Configuration information disclosure
6891| [35373] Microsoft Excel 2003 denial of service
6892| [35372] Microsoft Office 2003 denial of service
6893| [35206] Microsoft Windows Server 2003/XP Crash denial of service
6894| [35161] Microsoft ISA Server 2004 unknown vulnerability
6895| [35236] Microsoft Publisher 2007 memory corruption
6896| [2939] Microsoft Word 2000 memory corruption
6897| [34994] Microsoft Windows 2000 OLE Dialog memory corruption
6898| [34993] Microsoft Office 2000/2003/Xp memory corruption
6899| [35001] Microsoft Office 2000/2003/2004/Xp memory corruption
6900| [35000] Microsoft Word 2000/2002/2003 memory corruption
6901| [2933] Microsoft Windows 2000 SP4/Server 2003 SP1/XP SP2 OLE Dialog Stack-based memory corruption
6902| [2894] Microsoft Office 2000/2003/2004/Xp Undefined String Format String
6903| [2884] Microsoft Word 2000/2002/2003 memory corruption
6904| [34321] Microsoft Office 2000/2003/2004/Xp Spreadsheet Heap-based memory corruption
6905| [34320] Microsoft Office 2000/2003/2004/Xp memory corruption
6906| [34319] Microsoft Office 2000/2003/2004/Xp memory corruption
6907| [34318] Microsoft Office 2000/2003/2004/Xp memory corruption
6908| [34322] Microsoft Office 2000/2003/Xp memory corruption
6909| [2811] Microsoft Windows 2000/Server 2003/XP VML Vector Markup Language Integer memory corruption
6910| [2810] Microsoft Outlook 2000/2002/2003 Office Saved Search OSS File memory corruption
6911| [2809] Microsoft Outlook 2000/2002/2003 Header denial of service
6912| [2808] Microsoft Outlook 2000/2002/2003 Meeting VEVENT memory corruption
6913| [2807] Microsoft Excel 2000/2002/2003 XLS File memory corruption
6914| [34126] Microsoft Office 2003 memory corruption
6915| [34122] Microsoft Office Web Components 2000 memory corruption
6916| [2789] Microsoft Windows 2000/XP RPC Request NetrWkstaUserEnum denial of service
6917| [2765] Microsoft Project Server 2003 pdsrequest.asp weak authentication
6918| [33851] Microsoft Word 2000/2002/2003 12122006-djtest.doc memory corruption
6919| [2739] Microsoft Windows 2000 Remote Installation Service Fehlende Authentifizierung
6920| [2738] Microsoft Windows 2000/Server 2003/XP SNMP memory corruption
6921| [2737] Microsoft Windows Server 2003/XP Manifest denial of service
6922| [33766] Microsoft Word 2000/2002/2003 memory corruption
6923| [2718] Microsoft Word 2000/2002/2003 DOC Document memory corruption
6924| [2717] Microsoft Windows 2000 Print Spooler Memory Consumption denial of service
6925| [2689] Microsoft Windows up to 2000 SP4 Active Directory denial of service
6926| [2688] Microsoft Windows 2000/Server 2003/XP Client Service for Netware denial of service
6927| [2687] Microsoft Windows 2000/Server 2003/XP Agent ActiveX ACF File Heap-based memory corruption
6928| [2686] Microsoft Windows 2000/Server 2003/XP Client Service for Netware memory corruption
6929| [2684] Microsoft Windows 2000/XP Workstation Service Stack-based memory corruption
6930| [2659] Microsoft Windows 2000/XP GDI Crash memory corruption
6931| [2655] Microsoft Windows 2000/Server 2003/XP XML Core Services memory corruption
6932| [33067] Microsoft Visual Studio .net 2005 ActiveX Control wmiscriptutils.dll memory corruption
6933| [2610] Microsoft PowerPoint 2003 PPT Document NULL Pointer Dereference denial of service
6934| [32693] Microsoft Word 2004 memory corruption
6935| [32686] Microsoft Office 2000/2001/2003/2004 Integer memory corruption
6936| [32690] Microsoft Office 2000/2003/2004/Xp memory corruption
6937| [32676] Microsoft Office 2000/2001/2003/2004 memory corruption
6938| [32675] Microsoft Office 2000/2003/2004/Xp memory corruption
6939| [32694] Microsoft Windows 2000 memory corruption
6940| [32689] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
6941| [32688] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
6942| [32687] Microsoft Word 2000/2002 memory corruption
6943| [32685] Microsoft Office 2000/2001/2003/2004 memory corruption
6944| [2601] Microsoft Windows Server 2003/XP IPv6 Stack denial of service
6945| [2600] Microsoft Windows Server 2003/XP IPv6 Stack TCP denial of service
6946| [2599] Microsoft Windows Server 2003/XP IPv6 Stack ICMP denial of service
6947| [2598] Microsoft Windows Server 2003/XP Object Packager privilege escalation
6948| [2597] Microsoft Office 2003/Xp Smart-Tag Parser memory corruption
6949| [2596] Microsoft Office 2000/2003/2004/Xp Value Read memory corruption
6950| [2595] Microsoft Office 2000/2001/2003/2004 Diagram Value memory corruption
6951| [2594] Microsoft Office 2000/2001/2003/2004 Document memory corruption
6952| [2593] Microsoft ASP.NET 2.0 cross site scripting
6953| [141652] Microsoft Windows up to Server 2019 Common Log File System Driver information disclosure
6954| [141639] Microsoft SharePoint Foundation 2013 SP1 cross site request forgery
6955| [141637] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
6956| [141636] Microsoft ASP.NET Core 2.1/2.2/3.0 Project Template privilege escalation
6957| [141635] Microsoft .NET Core 2.1/2.2 denial of service
6958| [141633] Microsoft Excel up to 2019 memory corruption
6959| [141631] Microsoft Windows up to Server 2019 SMB Client Driver information disclosure
6960| [141630] Microsoft Windows up to Server 2019 denial of service
6961| [141629] Microsoft Windows up to Server 2019 Update Delivery Optimization privilege escalation
6962| [141627] Microsoft Windows up to Server 2019 GDI information disclosure
6963| [141626] Microsoft Windows up to Server 2019 Win32k memory corruption
6964| [141621] Microsoft Windows up to Server 2019 Kernel information disclosure
6965| [141620] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
6966| [141619] Microsoft Windows up to Server 2019 ALPC privilege escalation
6967| [141618] Microsoft Windows up to Server 2019 hdAudio.sys privilege escalation
6968| [141617] Microsoft Windows up to Server 2019 Store Installer privilege escalation
6969| [141616] Microsoft Windows up to Server 2019 ALPC privilege escalation
6970| [141615] Microsoft Windows up to Server 2019 Winlogon privilege escalation
6971| [141614] Microsoft Windows up to Server 2019 Compatibility Appraiser privilege escalation
6972| [141611] Microsoft Office up to 2019 Security Feature privilege escalation
6973| [141610] Microsoft Excel up to 2019 information disclosure
6974| [141609] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
6975| [141608] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site request forgery
6976| [141607] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 privilege escalation
6977| [141606] Microsoft Windows up to Server 2019 Win32k memory corruption
6978| [141605] Microsoft Windows up to Server 2019 Hyper-V information disclosure
6979| [141604] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
6980| [141603] Microsoft Windows up to Server 2019 GDI information disclosure
6981| [141602] Microsoft Windows up to Server 2019 DirectWrite information disclosure
6982| [141601] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6983| [141600] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6984| [141599] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6985| [141598] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6986| [141597] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6987| [141596] Microsoft Windows up to Server 2019 DirectWrite information disclosure
6988| [141595] Microsoft Windows up to Server 2019 DirectWrite information disclosure
6989| [141594] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6990| [141593] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6991| [141592] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6992| [141591] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
6993| [141590] Microsoft Windows up to Server 2019 Text Service Framework command injection
6994| [141589] Microsoft Exchange Server 2016 CU12/2016 CU13/2019 CU1/2019 CU2 denial of service
6995| [141583] Microsoft Lync Server 2013 Conference directory traversal
6996| [141581] Microsoft Windows up to Server 2016 Hyper-V denial of service
6997| [141580] Microsoft Windows up to Server 2019 Transaction Manager information disclosure
6998| [141579] Microsoft Windows up to Server 2016 DirectX information disclosure
6999| [141577] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
7000| [141575] Microsoft Windows up to Server 2019 lnk File privilege escalation
7001| [141564] Microsoft SharePoint Enterprise Server 2010 SP1/2013 SP1/2016/2019 Markup Application Package privilege escalation
7002| [141561] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
7003| [141560] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
7004| [139972] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
7005| [139971] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
7006| [139970] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
7007| [139969] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
7008| [139968] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
7009| [139965] Microsoft Windows up to Server 2019 Kernel information disclosure
7010| [139963] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
7011| [139962] Microsoft Windows up to Server 2019 Remote Desktop Protocol denial of service
7012| [139960] Microsoft Windows up to Server 2019 DHCP Server denial of service
7013| [139958] Microsoft Windows up to Server 2019 DHCP Server denial of service
7014| [139957] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
7015| [139956] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 Session Object information disclosure
7016| [139955] Microsoft Windows up to Server 2019 SyncController.dll privilege escalation
7017| [139949] Microsoft Windows up to Server 2019 XmlLite Runtime XmlLite.dll denial of service
7018| [139946] Microsoft Windows up to Server 2019 Core Shell COM Server Registrar COM Call privilege escalation
7019| [139942] Microsoft Windows up to Server 2019 rpcss.dll memory corruption
7020| [139941] Microsoft Windows up to Server 2019 DirectX memory corruption
7021| [139937] Microsoft Windows up to Server 2019 Azure Active Directory information disclosure
7022| [139936] Microsoft Windows up to Server 2019 SymCrypt information disclosure
7023| [139935] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 NTFS privilege escalation
7024| [139934] Microsoft Windows 7 SP1/Server 2018 R2 SP1/Server 2018 SP2 Win32k memory corruption
7025| [139933] Microsoft Windows up to Server 2019 p2pimsvc privilege escalation
7026| [139932] Microsoft Windows up to Server 2019 Kernel memory corruption
7027| [139931] Microsoft Windows up to Server 2019 File Signature Security Feature CAB File privilege escalation
7028| [139930] Microsoft Windows up to Server 2019 ALPC privilege escalation
7029| [139928] Microsoft Windows up to Server 2019 Kernel memory corruption
7030| [139927] Microsoft Windows up to Server 2019 Graphics Component information disclosure
7031| [139926] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7032| [139925] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7033| [139924] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7034| [139922] Microsoft Windows up to Server 2019 Graphics Component information disclosure
7035| [139921] Microsoft Windows up to Server 2019 Graphics Component information disclosure
7036| [139920] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7037| [139919] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7038| [139918] Microsoft Windows up to Server 2019 Graphics Component information disclosure
7039| [139917] Microsoft Windows up to Server 2019 Graphics Component information disclosure
7040| [139916] Microsoft Windows up to Server 2019 XML Core Services MSXML Parser privilege escalation
7041| [139914] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
7042| [139913] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
7043| [139912] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Hyper-V Network Switch denial of service
7044| [139911] Microsoft Windows up to Server 2019 denial of service
7045| [139910] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
7046| [139909] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
7047| [139908] Microsoft Windows up to Server 2019 Bluetooth weak encryption
7048| [139907] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
7049| [139906] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
7050| [139902] Microsoft Word up to 2019 memory corruption
7051| [139901] Microsoft Outlook up to 2019 memory corruption
7052| [139895] Microsoft Windows up to Server 2019 lnk File privilege escalation
7053| [139894] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
7054| [139893] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
7055| [139892] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
7056| [139891] Microsoft Windows up to Server 2019 Font Library memory corruption
7057| [139890] Microsoft Windows up to Server 2019 Font Library memory corruption
7058| [139889] Microsoft Windows up to Server 2019 Font Library memory corruption
7059| [139888] Microsoft Windows up to Server 2019 Font Library memory corruption
7060| [139887] Microsoft Windows up to Server 2019 Font Library memory corruption
7061| [139886] Microsoft Windows up to Server 2019 Font Library memory corruption
7062| [139880] Microsoft Windows up to Server 2019 Hyper-V memory corruption
7063| [139879] Microsoft Windows up to Server 2019 DHCP Client memory corruption
7064| [139878] Microsoft Windows up to Server 2019 Hyper-V Network Switch memory corruption
7065| [139877] Microsoft Outlook up to 2019 memory corruption
7066| [139876] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
7067| [139875] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
7068| [137590] Microsoft ASP.NET Core 2.1/2.2 Open Redirect
7069| [137589] Microsoft Exchange Server 2013 CU23/2016 CU12/2016 CU13/2019 CU1/2019 CU2 cross site scripting
7070| [137588] Microsoft Exchange Server 2010 SP3/2013 CU23/2016 CU12/2016 CU13 Web Services privilege escalation
7071| [137587] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
7072| [137586] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
7073| [137585] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
7074| [137584] Microsoft Windows up to Server 2019 DirectWrite memory corruption
7075| [137583] Microsoft Windows up to Server 2019 DirectWrite memory corruption
7076| [137581] Microsoft Windows up to Server 2019 DirectWrite memory corruption
7077| [137580] Microsoft Windows up to Server 2019 DirectWrite memory corruption
7078| [137579] Microsoft Windows up to Server 2019 DirectWrite memory corruption
7079| [137578] Microsoft Windows up to Server 2019 DirectWrite memory corruption
7080| [137577] Microsoft Windows up to Server 2019 DirectWrite memory corruption
7081| [137576] Microsoft Windows up to Server 2019 DirectWrite memory corruption
7082| [137575] Microsoft Windows up to Server 2019 DirectWrite memory corruption
7083| [137574] Microsoft Windows up to Server 2019 DirectWrite memory corruption
7084| [137568] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
7085| [137563] Microsoft Windows up to Server 2019 DirectWrite information disclosure
7086| [137562] Microsoft Windows up to Server 2019 Win32k information disclosure
7087| [137561] Microsoft Windows up to Server 2019 GDI information disclosure
7088| [137560] Microsoft Windows up to Server 2019 GDI information disclosure
7089| [137559] Microsoft Windows up to Server 2019 DirectWrite information disclosure
7090| [137555] Microsoft Windows up to Server 2019 Audio Service privilege escalation
7091| [137554] Microsoft Windows up to Server 2019 Audio Service privilege escalation
7092| [137553] Microsoft Windows up to Server 2019 Audio Service privilege escalation
7093| [137549] Microsoft Windows up to Server 2016 DLL privilege escalation
7094| [137544] Microsoft Windows up to Server 2019 Kernel information disclosure
7095| [137543] Microsoft Windows up to Server 2019 Kernel information disclosure
7096| [137542] Microsoft SQL Server 2014 SP2/2016 SP1/2017 privilege escalation
7097| [137541] Microsoft Windows up to Server 2019 memory corruption
7098| [137540] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
7099| [137539] Microsoft Windows up to Server 2016 DirectX memory corruption
7100| [137538] Microsoft Windows Server 1803/Server 1903/Server 2016/Server 2019 ADFS Security Feature privilege escalation
7101| [137537] Microsoft Windows up to Server 2019 Hyper-V denial of service
7102| [137535] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
7103| [137533] Microsoft Windows up to Server 2019 SymCrypt denial of service
7104| [137527] Microsoft Windows up to Server 2019 GDI+ memory corruption
7105| [137512] Microsoft Windows up to Server 2019 DHCP memory corruption
7106| [136414] Microsoft Azure DevOps Server 2019 cross site request forgery
7107| [136349] Microsoft Windows up to Server 2019 Event Viewer eventvwr.msc XML External Entity
7108| [136348] Microsoft Windows up to Server 2019 Task Scheduler privilege escalation
7109| [136347] Microsoft Windows up to Server 2019 AppXSVC privilege escalation
7110| [136345] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
7111| [136344] Microsoft Windows up to Server 2019 GDI information disclosure
7112| [136340] Microsoft Windows up to Server 2019 GDI information disclosure
7113| [136337] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
7114| [136336] Microsoft Windows up to Server 2019 Kernel privilege escalation
7115| [136335] Microsoft Windows up to Server 2019 NTLM Downgrade weak authentication
7116| [136334] Microsoft Windows up to Server 2019 Kernel information disclosure
7117| [136333] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
7118| [136330] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
7119| [136329] Microsoft SharePoint Server 2016/2019 cross site scripting
7120| [136328] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
7121| [136327] Microsoft Lync Server 2010/2013 denial of service
7122| [136326] Microsoft Windows up to Server 2019 Audio Service privilege escalation
7123| [136325] Microsoft Windows up to Server 2019 Audio Service privilege escalation
7124| [136324] Microsoft Windows up to Server 2019 Audio Service privilege escalation
7125| [136323] Microsoft Windows up to Server 2019 denial of service
7126| [136321] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Audio Service privilege escalation
7127| [136320] Microsoft Windows up to Server 2019 Audio Service privilege escalation
7128| [136319] Microsoft Windows up to Server 2019 Security Credentials information disclosure
7129| [136318] Microsoft Windows up to Server 2019 DirectX privilege escalation
7130| [136317] Microsoft Windows up to Server 2019 Win32k memory corruption
7131| [136314] Microsoft Windows up to Server 2019 Win32k memory corruption
7132| [136312] Microsoft Windows up to Server 2019 GDI information disclosure
7133| [136310] Microsoft Windows up to Server 2019 GDI information disclosure
7134| [136308] Microsoft Windows up to Server 2019 Audio Service privilege escalation
7135| [136306] Microsoft Windows up to Server 2019 Storage Service privilege escalation
7136| [136305] Microsoft Windows up to Server 2019 User Profile Service privilege escalation
7137| [136304] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
7138| [136303] Microsoft Windows up to Server 2019 Storage Service privilege escalation
7139| [136301] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7140| [136299] Microsoft Windows up to Server 2019 Local Security Authority Subsystem Service Reboot denial of service
7141| [136296] Microsoft Windows up to Server 2019 Common Log File System Driver memory corruption
7142| [136295] Microsoft Windows up to Server 2019 ALPC privilege escalation
7143| [136293] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7144| [136292] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7145| [136291] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7146| [136290] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7147| [136289] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7148| [136288] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7149| [136287] Microsoft Windows up to Server 2019 Hyper-V denial of service
7150| [136286] Microsoft Windows up to Server 2019 Hyper-V denial of service
7151| [136285] Microsoft Windows up to Server 2019 Hyper-V denial of service
7152| [136284] Microsoft Windows up to Server 2019 Kernel memory corruption
7153| [136276] Microsoft Windows up to Server 2019 Hyper-V memory corruption
7154| [136275] Microsoft Windows 10/10 1607/10 1703/10 1709/Server 2016 Hyper-V memory corruption
7155| [136274] Microsoft Windows up to Server 2019 ActiveX memory corruption
7156| [136273] Microsoft Windows up to Server 2019 Hyper-V memory corruption
7157| [134750] Microsoft ASP.NET Core 2.1/2.2 denial of service
7158| [134745] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
7159| [134744] Microsoft Windows up to Server 2019 GDI information disclosure
7160| [134743] Microsoft SharePoint Server 2013 SP1/2016 cross site scripting
7161| [134742] Microsoft SharePoint Enterprise Server 2016/2019 cross site scripting
7162| [134741] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
7163| [134740] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
7164| [134739] Microsoft SharePoint Foundation 2010 SP2/2013 SP2 cross site scripting
7165| [134738] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
7166| [134737] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
7167| [134736] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
7168| [134735] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
7169| [134734] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
7170| [134733] Microsoft Windows up to Server 2019 Unified Write Filter privilege escalation
7171| [134731] Microsoft Windows up to Server 2019 Symlink privilege escalation
7172| [134729] Microsoft Windows up to Server 2019 Storage Service privilege escalation
7173| [134725] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7174| [134724] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7175| [134723] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7176| [134722] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7177| [134721] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7178| [134720] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7179| [134719] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7180| [134718] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7181| [134717] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7182| [134716] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7183| [134715] Microsoft Windows up to Server 2019 Win32k memory corruption
7184| [134714] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7185| [134713] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7186| [134712] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7187| [134710] Microsoft Windows up to Server 2019 GDI information disclosure
7188| [134709] Microsoft Windows up to Server 2019 Kernel privilege escalation
7189| [134706] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
7190| [134701] Microsoft Windows up to Server 2019 Windows Defender Application Control privilege escalation
7191| [134700] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
7192| [134699] Microsoft Windows up to Server 2019 NDIS ndis.sys memory corruption
7193| [134698] Microsoft Windows up to Server 2019 OLE memory corruption
7194| [134684] Microsoft Windows up to Server 2019 DHCP Server memory corruption
7195| [134678] Microsoft Windows up to Server 2019 GDI+ memory corruption
7196| [133236] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7197| [133234] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7198| [133232] Microsoft Azure DevOps Server 2019 cross site scripting
7199| [133229] Microsoft Azure DevOps Server 2019 cross site scripting
7200| [133224] Microsoft Exchange Server 2013 CU22/2016 CU11/2016 CU12/2019/2019 CU1 Outlook Web Access privilege escalation
7201| [133223] Microsoft Azure DevOps Server 2019 Content Security Policy privilege escalation
7202| [133222] Microsoft Windows up to Server 2019 Remote Registry Service memory corruption
7203| [133221] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7204| [133220] Microsoft Windows up to Server 2019 GDI Memory information disclosure
7205| [133219] Microsoft Windows up to Server 2019 Win32k Memory information disclosure
7206| [133218] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7207| [133217] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7208| [133216] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
7209| [133215] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
7210| [133214] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
7211| [133213] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
7212| [133212] Microsoft Windows up to Server 2019 Terminal Services Memory information disclosure
7213| [133211] Microsoft Windows up to Server 2019 Task Scheduler information disclosure
7214| [133209] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
7215| [133206] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
7216| [133205] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
7217| [133204] Microsoft Office/Excel up to 2019 memory corruption
7218| [133203] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
7219| [133202] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
7220| [133201] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
7221| [133200] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
7222| [133199] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
7223| [133198] Microsoft Exchange Server up to 2019 CU1 Outlook Web Access cross site scripting
7224| [133197] Microsoft ASP.NET Core 2.2 Request denial of service
7225| [133196] Microsoft Windows up to Server 2019 Win32k information disclosure
7226| [133195] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
7227| [133194] Microsoft Windows up to Server 2019 GDI Memory information disclosure
7228| [133193] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
7229| [133192] Microsoft Windows up to Server 2019 OLE Automation privilege escalation
7230| [133189] Microsoft Windows up to Server 2019 CSRSS memory corruption
7231| [133188] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
7232| [133187] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
7233| [133186] Microsoft Windows up to Server 2019 TCP/IP Stack Fragmented IP Packet information disclosure
7234| [133185] Microsoft Windows up to Server 2019 Win32k memory corruption
7235| [133183] Microsoft Windows up to Server 2019 Win32k memory corruption
7236| [133182] Microsoft Windows up to Server 2019 Win32k memory corruption
7237| [133181] Microsoft Office/Excel/PowerPoint up to 2019 URL Document Code Execution
7238| [133180] Microsoft Windows up to Server 2019 MS XML Code Execution
7239| [133179] Microsoft Windows up to Server 2019 MS XML Code Execution
7240| [133177] Microsoft Windows up to Server 2019 Device Guard luafv.sys privilege escalation
7241| [133174] Microsoft Windows up to Server 2019 GDI+ privilege escalation
7242| [133173] Microsoft Windows up to Server 2019 IOleCvt Interface privilege escalation
7243| [133166] Microsoft Windows up to Server 2019 MS XML Code Execution
7244| [133165] Microsoft Windows up to Server 2019 MS XML Code Execution
7245| [133164] Microsoft Windows up to Server 2019 MS XML Code Execution
7246| [133163] Microsoft Windows up to Server 2019 MS XML Code Execution
7247| [133162] Microsoft Windows up to Server 2019 MS XML Code Execution
7248| [131687] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 3.2/2018 Updated 1.2 cross site scripting
7249| [131685] Microsoft Windows up to Server 2019 SMB information disclosure
7250| [131684] Microsoft Visual Studio 2017 Version 15.9 C++ Redistributable Installer privilege escalation
7251| [131681] Microsoft Windows up to Server 2019 Win32k memory corruption
7252| [131679] Microsoft Windows up to Server 2019 Kernel information disclosure
7253| [131675] Microsoft SharePoint 2013 SP1/2016 cross site scripting
7254| [131674] Microsoft Windows up to Server 2019 Win32k information disclosure
7255| [131673] Microsoft Windows up to Server 2019 Kernel information disclosure
7256| [131672] Microsoft Windows up to Server 2019 GDI information disclosure
7257| [131671] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
7258| [131668] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
7259| [131667] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
7260| [131663] Microsoft Windows up to Server 2019 Print Spooler information disclosure
7261| [131658] Microsoft Windows up to Server 2019 information disclosure
7262| [131657] Microsoft Windows up to Server 2019 denial of service
7263| [131656] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
7264| [131653] Microsoft Windows up to Server 2019 SMB information disclosure
7265| [131652] Microsoft Windows up to Server 2019 SMB information disclosure
7266| [131651] Microsoft Windows up to Server 2019 Kernel information disclosure
7267| [131650] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V denial of service
7268| [131649] Microsoft Windows up to Server 2019 Kernel memory corruption
7269| [131648] Microsoft Windows up to Server 2019 Hyper-V denial of service
7270| [131644] Microsoft Windows up to Server 2019 Hyper-V denial of service
7271| [131638] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7272| [131632] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
7273| [131631] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
7274| [131630] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
7275| [131629] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
7276| [131628] Microsoft Windows up to Server 2019 ActiveX memory corruption
7277| [131619] Microsoft Windows up to Server 2019 MS XML privilege escalation
7278| [131334] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
7279| [131333] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
7280| [131328] Microsoft Windows up to Server 2016 Kernel information disclosure
7281| [130832] Microsoft 2013 SP1 spoofing
7282| [130828] Microsoft Exchange Server 2010 SP3/2013 CU22/2016 CU12/2019 CU1 EWS privilege escalation
7283| [130826] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
7284| [130825] Microsoft Office up to 2019 Connectivity Engine memory corruption
7285| [130824] Microsoft Office up to 2019 Connectivity Engine memory corruption
7286| [130823] Microsoft Office up to 2019 Connectivity Engine privilege escalation
7287| [130822] Microsoft Office up to 2019 Connectivity Engine privilege escalation
7288| [130821] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
7289| [130820] Microsoft Windows up to Server 2012 R2 GDI information disclosure
7290| [130818] Microsoft Windows up to Server 2019 GDI information disclosure
7291| [130817] Microsoft Windows up to Server 2019 Storage Service privilege escalation
7292| [130814] Microsoft Windows up to Server 2019 privilege escalation
7293| [130809] Microsoft Windows up to Server 2019 Defender Firewall Security privilege escalation
7294| [130808] Microsoft Windows up to Server 2019 information disclosure
7295| [130807] Microsoft Windows up to Server 2019 Hyper-V information disclosure
7296| [130806] Microsoft Windows up to Server 2019 SMB privilege escalation
7297| [130805] Microsoft Windows up to Server 2019 Device Guard privilege escalation
7298| [130804] Microsoft Windows up to Server 2019 Device Guard privilege escalation
7299| [130803] Microsoft Windows up to Server 2019 SMB privilege escalation
7300| [130802] Microsoft Windows up to Server 2019 Win32k information disclosure
7301| [130801] Microsoft Windows up to Server 2019 Device Guard privilege escalation
7302| [130800] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7303| [130799] Microsoft Windows up to Server 2016 Win32k memory corruption
7304| [130798] Microsoft Windows up to Server 2019 GDI information disclosure
7305| [130797] Microsoft Windows up to Server 2019 GDI information disclosure
7306| [130796] Microsoft Windows up to Server 2019 GDI information disclosure
7307| [130793] Microsoft Windows up to Server 2019 GDI information disclosure
7308| [130792] Microsoft Windows up to Server 2019 HID information disclosure
7309| [130791] Microsoft Windows up to Server 2019 HID information disclosure
7310| [130790] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7311| [130789] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7312| [130788] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7313| [130787] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7314| [130786] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7315| [130784] Microsoft Windows up to Server 2019 GDI+ memory corruption
7316| [130782] Microsoft Windows up to Server 2019 DHCP Server memory corruption
7317| [130781] Microsoft Windows up to Server 2019 GDI+ memory corruption
7318| [129847] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 1.2/2018 Update 3.2 information disclosure
7319| [129846] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
7320| [129845] Microsoft Skype for Business 2015 CU 8 Request cross site scripting
7321| [128765] Microsoft Visual Studio 2017 Version 15.9 C++ Construct privilege escalation
7322| [128764] Microsoft Exchange Server 2010 SP3/2013 CU21/2016 CU10/2016 CU11/2019 PowerShell API information disclosure
7323| [128761] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
7324| [128760] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
7325| [128759] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
7326| [128758] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
7327| [128757] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
7328| [128756] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
7329| [128755] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
7330| [128754] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
7331| [128753] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
7332| [128752] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
7333| [128751] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
7334| [128750] Microsoft Windows up to Server 2019 Runtime privilege escalation
7335| [128749] Microsoft Windows up to Server 2019 Kernel information disclosure
7336| [128747] Microsoft ASP.NET Core 2.1 Web Request denial of service
7337| [128746] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
7338| [128745] Microsoft Office up to 2019 Word Macro information disclosure
7339| [128742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
7340| [128741] Microsoft SharePoint Enterprise Server 2016 cross site scripting
7341| [128740] Microsoft SharePoint Enterprise Server 2013 SP1 cross site scripting
7342| [128739] Microsoft Windows up to Server 2019 Kernel information disclosure
7343| [128738] Microsoft Windows up to Server 2019 Subsystem for Linux information disclosure
7344| [128737] Microsoft Windows up to Server 2019 COM Desktop Broker privilege escalation
7345| [128736] Microsoft Windows up to Server 2019 Kernel information disclosure
7346| [128735] Microsoft ASP.NET Core 2.1/2.2 Web Request denial of service
7347| [128733] Microsoft Windows up to Server 2019 Authentication Request privilege escalation
7348| [128729] Microsoft Visual Studio 2010 SP1/2012 Update 5 vscontent File information disclosure
7349| [128728] Microsoft Windows up to Server 2019 Kernel information disclosure
7350| [128727] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
7351| [128726] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
7352| [128725] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
7353| [128718] Microsoft Windows up to Server 2019 Hyper-V memory corruption
7354| [128717] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V memory corruption
7355| [127925] Microsoft SharePoint Enterprise Server 2016 Web Request cross site scripting
7356| [127882] Microsoft Dynamics NAV 2016/2017 Web Request cross site scripting
7357| [127881] Microsoft Windows 10 1809/Server 2019 Object denial of service
7358| [127880] Microsoft Windows up to Server 2019 Win32k Object memory corruption
7359| [127828] Microsoft Windows up to Server 2019 Win32k memory corruption
7360| [127827] Microsoft Windows 10 1809/Server 2019 DirectX information disclosure
7361| [127826] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Win32k ASLR privilege escalation
7362| [127825] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 privilege escalation
7363| [127824] Microsoft Excel up to 2019 Out-of-Bounds memory corruption
7364| [127823] Microsoft Windows up to Server 2012 R2 Kernel information disclosure
7365| [127821] Microsoft Windows up to Server 2019 Connected User Experiences and Telemetry Service denial of service
7366| [127820] Microsoft Windows up to Server 2019 Kernel memory corruption
7367| [127819] Microsoft Exchange Server 2016 CU10/2016 CU11 Profile Data privilege escalation
7368| [127817] Microsoft Excel up to 2019 information disclosure
7369| [127816] Microsoft Windows up to Server 2019 GDI information disclosure
7370| [127815] Microsoft Windows up to Server 2019 GDI information disclosure
7371| [127814] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 Search cross site request forgery
7372| [127812] Microsoft Windows up to Server 2019 Remote Procedure Call information disclosure
7373| [127806] Microsoft Outlook up to 2019 memory corruption
7374| [127805] Microsoft Excel up to 2019 memory corruption
7375| [127804] Microsoft Excel up to 2019 memory corruption
7376| [127803] Microsoft Windows up to Server 2019 Text-To-Speech memory corruption
7377| [127801] Microsoft Windows up to Server 2019 DNS Server privilege escalation
7378| [126938] Microsoft Team Foundation Server 2018 Update 1.1/2018 Update 3 Code Execution
7379| [126755] Microsoft .NET Core 2.1 privilege escalation
7380| [126754] Microsoft Skype for Business/Lync Server 2013 SP1/2016 Emoji denial of service
7381| [126750] Microsoft Windows up to Server 2019 ALPC privilege escalation
7382| [126749] Microsoft Exchange Server 2010/2013/2016/2019 privilege escalation
7383| [126747] Microsoft SharePoint Enterprise Server 2013 SP1 Folder information disclosure
7384| [126746] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
7385| [126745] Microsoft Project 2010 SP2/2013 SP1/2016 memory corruption
7386| [126744] Microsoft Office up to 2019 Word memory corruption
7387| [126743] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
7388| [126742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
7389| [126739] Microsoft Windows up to Server 2012 R2 Win32k information disclosure
7390| [126737] Microsoft Windows up to Server 2012 R2 DirectX information disclosure
7391| [126736] Microsoft Windows up to Server 2019 Win32k memory corruption
7392| [126735] Microsoft Windows up to Server 2019 DirectX privilege escalation
7393| [126733] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DirectX memory corruption
7394| [126730] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
7395| [126728] Microsoft Office/SharePoint 2010 SP2 Word memory corruption
7396| [126727] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
7397| [126726] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
7398| [126725] Microsoft Windows up to Server 2019 DirectX memory corruption
7399| [126722] Microsoft Windows up to Server 2019 PowerShell privilege escalation
7400| [126718] Microsoft Windows up to Server 2016 Search memory corruption
7401| [126717] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 memory corruption
7402| [126716] Microsoft Office up to 2019 Excel memory corruption
7403| [126714] Microsoft Windows up to Server 2019 PowerShell unknown vulnerability
7404| [126713] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
7405| [126712] Microsoft Windows up to Server 2016 Graphics Component memory corruption
7406| [126711] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
7407| [125123] Microsoft Windows up to Server 2019 Codecs Library information disclosure
7408| [125122] Microsoft Windows up to Server 2016 TCP/IP information disclosure
7409| [125121] Microsoft Windows up to Server 2019 DirectX memory corruption
7410| [125120] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
7411| [125119] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
7412| [125116] Microsoft Exchange Server 2013 CU21/2016 CU10 privilege escalation
7413| [125115] Microsoft Windows up to Server 2019 Theme API privilege escalation
7414| [125114] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
7415| [125113] Microsoft Windows up to Server 2019 Kernel memory corruption
7416| [125111] Microsoft Windows up to Server 2019 Device Guard Code Integrity Policy privilege escalation
7417| [125110] Microsoft Windows up to Server 2019 DNS Global Blocklist privilege escalation
7418| [125109] Microsoft Windows up to Server 2019 NTFS privilege escalation
7419| [125108] Microsoft Windows up to Server 2019 Filter Manager memory corruption
7420| [125107] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
7421| [125106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
7422| [125105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
7423| [125104] Microsoft SharePoint Enterprise Server 2016 cross site scripting
7424| [125102] Microsoft Office/Word 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
7425| [125100] Microsoft Office/PowerPoint 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
7426| [125099] Microsoft Office/Excel up to 2019 Protected View memory corruption
7427| [125098] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
7428| [125097] Microsoft Windows up to Server 2019 DirectX Graphics memory corruption
7429| [125096] Microsoft Windows up to Server 2019 Win32k memory corruption
7430| [125095] Microsoft Exchange Server 2013 CU21/2016 CU10 Outlook Web Access cross site scripting
7431| [125093] Microsoft Windows up to Server 2019 Hyper-V memory corruption
7432| [125092] Microsoft Windows up to Server 2019 Hyper-V memory corruption
7433| [125091] Microsoft Windows up to Server 2019 MS XML privilege escalation
7434| [124371] Microsoft Exchange Server up to 2010 SP3 Outlook Web Access /owa/auth/logon.aspx Parameter Server-Side Request Forgery
7435| [124217] Microsoft Windows Server 2012/Server 2016 Active Directory Federation Services /adfs/ls Server-Side Request Forgery
7436| [123995] Microsoft Lync 2011 on Mac Security Feature Messages Download privilege escalation
7437| [123881] Microsoft Windows up to Server 2016 Sandbox privilege escalation
7438| [123874] Microsoft Windows up to Server 2016 Kernel information disclosure
7439| [123872] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 SMB information disclosure
7440| [123868] Microsoft Windows up to Server 2016 Hyper-V denial of service
7441| [123864] Microsoft Windows up to Server 2016 Hyper-V information disclosure
7442| [123862] Microsoft SharePoint Enterprise Server 2010 SP2/2013 RT SP1/2013 SP1/2016 cross site scripting
7443| [123861] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
7444| [123860] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
7445| [123859] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
7446| [123851] Microsoft Windows up to Server 2016 ALPC privilege escalation
7447| [123849] Microsoft Windows up to Server 2016 SMB denial of service
7448| [123846] Microsoft Office 2016 on Win/Mac memory corruption
7449| [123844] Microsoft Word 2013 RT SP1/2013 SP1/2016 PDF File memory corruption
7450| [123843] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
7451| [123842] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
7452| [123830] Microsoft Windows up to Server 2016 Hyper-V memory corruption
7453| [123828] Microsoft Windows up to Server 2016 Win32k Graphics privilege escalation
7454| [123827] Microsoft Windows up to Server 2016 Image memory corruption
7455| [123825] Microsoft Windows up to Server 2016 MSXML Parser privilege escalation
7456| [123823] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
7457| [122887] Microsoft Office 2016 on Mac AutoUpdate memory corruption
7458| [122886] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
7459| [122885] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
7460| [122884] Microsoft Windows up to Server 2016 Win32k memory corruption
7461| [122883] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
7462| [122875] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
7463| [122874] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
7464| [122873] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
7465| [122871] Microsoft PowerPoint 2010 SP2 memory corruption
7466| [122870] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
7467| [122861] Microsoft Windows up to Server 2016 Microsoft COM for Windows privilege escalation
7468| [122850] Microsoft Visual Studio 2015 Update 3/2017/2017 Version 15.8 Diagnostic Hub privilege escalation
7469| [122849] Microsoft Windows up to Server 2016 Diagnostic Hub privilege escalation
7470| [122848] Microsoft Windows Security Feature 2FA weak authentication
7471| [122834] Microsoft Windows up to Server 2016 LNK memory corruption
7472| [122825] Microsoft Windows up to Server 2016 Graphics memory corruption
7473| [122823] Microsoft SQL Server 2016 SP1/2016 SP2/2017 memory corruption
7474| [121208] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R Attachment privilege escalation
7475| [121118] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
7476| [121116] Microsoft Windows up to Server 2016 Sandbox privilege escalation
7477| [121114] Microsoft Access 2013 SP1/2016/2016 C2R memory corruption
7478| [121111] Microsoft Windows up to Server 2016 Kernel memory corruption
7479| [121110] Microsoft Windows up to Server 2016 Wordpad privilege escalation
7480| [121107] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll denial of service
7481| [121106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
7482| [121105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
7483| [121098] Microsoft Office 2016/2016 C2R memory corruption
7484| [121092] Microsoft Windows up to Server 2016 FTP Server denial of service
7485| [121090] Microsoft Visual Studio up to 2017 Version 15.8 Preview privilege escalation
7486| [119479] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
7487| [119477] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
7488| [119476] Microsoft Publisher 2010 SP2 OLE Object PUB File privilege escalation
7489| [119475] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Attachment privilege escalation
7490| [119474] Microsoft Windows up to Server 2016 GDI information disclosure
7491| [119470] Microsoft Windows up to Server 2016 HTTP HTTP.sys denial of service
7492| [119468] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
7493| [119467] Microsoft Windows up to Server 2016 Hypervisor privilege escalation
7494| [119465] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
7495| [119464] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
7496| [119463] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
7497| [119461] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
7498| [119460] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
7499| [119459] Microsoft Windows up to Server 2016 memory corruption
7500| [119457] Microsoft Windows up to Server 2016 Desktop Bridge privilege escalation
7501| [119456] Microsoft Windows up to Server 2016 Kernel information disclosure
7502| [119455] Microsoft Windows up to Server 2016 denial of service
7503| [119454] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
7504| [119452] Microsoft Windows up to Server 2016 HIDParser memory corruption
7505| [119448] Microsoft Windows up to Server 2016 Code Integrity Module denial of service
7506| [119447] Microsoft Windows up to Server 2016 NTFS privilege escalation
7507| [119441] Microsoft Windows up to Server 2016 Media Foundation memory corruption
7508| [119437] Microsoft Windows up to Server 2016 HTTP Protocol Stack Http.sys memory corruption
7509| [119436] Microsoft Windows up to Server 2016 memory corruption
7510| [119431] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
7511| [118120] Microsoft Office 2016 on Mac XML Data Code Execution
7512| [117561] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1 Web Request cross site scripting
7513| [117560] Microsoft Exchange Server up to 2016 CU9 Code Execution memory corruption
7514| [117559] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access Web Request cross site scripting
7515| [117558] Microsoft Windows up to Server 2016 Code Execution memory corruption
7516| [117507] Microsoft Infopath 2013 SP1 memory corruption
7517| [117505] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
7518| [117504] Microsoft Office 2010 SP2 information disclosure
7519| [117503] Microsoft Exchange Server 2013 CU19/2013 CU20/2016 CU8/2016 CU9 Outlook Web Access cross site scripting
7520| [117502] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
7521| [117501] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
7522| [117500] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access cross site scripting
7523| [117499] Microsoft Exchange Server up to 2016 CU9 information disclosure
7524| [117498] Microsoft Office 2016 C2R Security Feature privilege escalation
7525| [117497] Microsoft SharePoint Enterprise Server 2010/2013 SP1/2016 cross site scripting
7526| [117480] Microsoft Windows up to Server 2016 COM Serialized privilege escalation
7527| [117473] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
7528| [117472] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
7529| [117471] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
7530| [117470] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
7531| [117469] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
7532| [117468] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
7533| [117444] Microsoft Windows up to Server 2016 Hyper-V vSMB memory corruption
7534| [117443] Microsoft Windows up to Server 2016 Hyper-V memory corruption
7535| [117442] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
7536| [116132] Microsoft Office 2016 Memory information disclosure
7537| [116051] Microsoft SharePoint Enterprise Server 2016 cross site scripting
7538| [116050] Microsoft SharePoint Enterprise Server 2010 SP2/2013/2016 cross site scripting
7539| [116049] Microsoft SharePoint Enterprise Server 2013/2016 privilege escalation
7540| [116048] Microsoft Windows up to Server 2016 DirectX Graphics Kernel Subsystem memory corruption
7541| [116047] Microsoft Windows up to Server 2016 OpenType Font Driver atmfd.dll memory corruption
7542| [116046] Microsoft SharePoint Enterprise Server 2013/2016 Share cross site scripting
7543| [116045] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
7544| [116039] Microsoft Windows up to Server 2016 Remote Desktop Protocol denial of service
7545| [116031] Microsoft Windows up to Server 2016 Kernel ASLR information disclosure
7546| [116030] Microsoft Windows up to Server 2016 SNMP Service denial of service
7547| [116026] Microsoft Windows up to Server 2016 Kernel information disclosure
7548| [116024] Microsoft Windows up to Server 2016 HTTP.sys denial of service
7549| [116023] Microsoft Office up to 2016 C2R information disclosure
7550| [116022] Microsoft Excel 2010 SP2 memory corruption
7551| [116020] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Active Directory privilege escalation
7552| [116019] Microsoft Windows up to Server 2016 Kernel information disclosure
7553| [116018] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
7554| [116017] Microsoft Excel up to 2016 C2R memory corruption
7555| [116016] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Graphics memory corruption
7556| [116014] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
7557| [116013] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1 memory corruption
7558| [116008] Microsoft Windows up to Server 2016 Graphics memory corruption
7559| [116007] Microsoft Windows up to Server 2016 Graphics memory corruption
7560| [116006] Microsoft Windows up to Server 2016 Graphics memory corruption
7561| [116005] Microsoft Windows up to Server 2016 Graphics memory corruption
7562| [116004] Microsoft Windows up to Server 2016 Graphics memory corruption
7563| [116003] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
7564| [115994] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
7565| [115804] Microsoft Windows up to Server 2016 Malware Protection Engine privilege escalation
7566| [114579] Microsoft Exchange Server up to 2017 CU8 Outlook Web Access information disclosure
7567| [114574] Microsoft SharePoint Enterprise Server 2016 privilege escalation
7568| [114573] Microsoft SharePoint Enterprise Server 2016 cross site scripting
7569| [114571] Microsoft Exchange Server 2016 CU7/2016 CU8 Outlook Web Access information disclosure
7570| [114570] Microsoft Exchange Server 2010 SP3/2013 CU18/2013 CU19/2016 CU7/2016 CU8 Outlook Web Access Fake privilege escalation
7571| [114565] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Kernel information disclosure
7572| [114564] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
7573| [114562] Microsoft SharePoint Enterprise Server 2016 cross site scripting
7574| [114560] Microsoft SharePoint Enterprise Server 2016 cross site scripting
7575| [114559] Microsoft SharePoint Enterprise Server 2016 cross site scripting
7576| [114558] Microsoft SharePoint Enterprise Server 2016 cross site scripting
7577| [114557] Microsoft SharePoint Enterprise Server 2016 cross site scripting
7578| [114556] Microsoft SharePoint Enterprise Server 2016 cross site scripting
7579| [114555] Microsoft SharePoint Enterprise Server 2016 cross site scripting
7580| [114554] Microsoft SharePoint Enterprise Server 2016 cross site scripting
7581| [114553] Microsoft SharePoint Enterprise Server 2016 cross site scripting
7582| [114552] Microsoft SharePoint Enterprise Server 2016 cross site scripting
7583| [114551] Microsoft Excel up to 2016 C2R Security Feature privilege escalation
7584| [114549] Microsoft Access 2010 SP2/2013 SP1/2016 memory corruption
7585| [114548] Microsoft Windows up to Server 2016 CNG Security Feature cng.sys privilege escalation
7586| [114547] Microsoft Windows up to Server 2016 Kernel information disclosure
7587| [114546] Microsoft Windows up to Server 2016 Kernel information disclosure
7588| [114545] Microsoft Windows up to Server 2016 Kernel information disclosure
7589| [114544] Microsoft Windows up to Server 2016 Kernel information disclosure
7590| [114543] Microsoft Windows up to Server 2016 Kernel information disclosure
7591| [114542] Microsoft Windows up to Server 2016 Kernel information disclosure
7592| [114541] Microsoft Windows up to Server 2016 Kernel information disclosure
7593| [114540] Microsoft Windows up to Server 2016 Kernel information disclosure
7594| [114536] Microsoft Windows up to Server 2016 CredSSP privilege escalation
7595| [114535] Microsoft Windows up to Server 2016 Hyper-V denial of service
7596| [114531] Microsoft Windows up to Server 2016 Windows Installer privilege escalation
7597| [114530] Microsoft Windows up to Server 2016 GDI privilege escalation
7598| [114529] Microsoft Windows up to Server 2016 GDI privilege escalation
7599| [114527] Microsoft Windows up to Server 2016 Kernel information disclosure
7600| [114526] Microsoft Windows up to Server 2016 Kernel information disclosure
7601| [114525] Microsoft Windows up to Server 2016 Kernel information disclosure
7602| [114522] Microsoft Windows 10 1607/10 1703/Server 2016 Desktop Bridge privilege escalation
7603| [114521] Microsoft Windows up to Server 2016 Video Control privilege escalation
7604| [114520] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge privilege escalation
7605| [114518] Microsoft Windows up to Server 2016 Remote Assistance information disclosure
7606| [114517] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge VFS privilege escalation
7607| [114516] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
7608| [113835] Microsoft Identity Manager 2016 SP1 cross site scripting
7609| [113264] Microsoft Windows 8.1/RT 8.1/Server 2012 R2 SMBv2/SMBv3 denial of service
7610| [113260] Microsoft Windows up to Server 2016 Kernel memory corruption
7611| [113259] Microsoft Windows 10/Server 1709/Server 2016 NTFS privilege escalation
7612| [113254] Microsoft Windows up to Server 2016 Kernel information disclosure
7613| [113253] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
7614| [113252] Microsoft Windows up to Server 2016 Kernel memory corruption
7615| [113250] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
7616| [113249] Microsoft Windows up to Server 2016 Kernel memory corruption
7617| [113248] Microsoft Windows up to Server 2016 Kernel information disclosure
7618| [113243] Microsoft Windows 10/Server 2016 MultiPoint Management privilege escalation
7619| [113242] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
7620| [113241] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
7621| [113240] Microsoft Windows 10/Server 1709/Server 2016 AppContainer privilege escalation
7622| [113237] Microsoft SharePoint Enterprise Server 2016 cross site scripting
7623| [113236] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
7624| [113233] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Uninitialized Memory information disclosure
7625| [113232] Microsoft Excel 2016 memory corruption
7626| [113230] Microsoft Windows up to Server 2016 Scripting Engine information disclosure
7627| [113229] Microsoft Windows up to Server 2016 StructuredQuery memory corruption
7628| [111580] Microsoft Office 2016 on Mac Email Attachment spoofing
7629| [111571] Microsoft SharePoint Enterprise Server 2013/2016 Access cross site scripting
7630| [111567] Microsoft Office 2010/2013/2016 memory corruption
7631| [111564] Microsoft Word 2016 memory corruption
7632| [111562] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
7633| [111561] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
7634| [128730] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7635| [111358] Microsoft Windows up to Server 2016 IPsec denial of service
7636| [110553] Microsoft Office 2016 C2R information disclosure
7637| [110552] Microsoft SharePoint Enterprise Server 2016 Web Request privilege escalation
7638| [110551] Microsoft Excel 2016 C2R memory corruption
7639| [110550] Microsoft PowerPoint 2013 RT SP1/2013 SP1/2016 information disclosure
7640| [110549] Microsoft Exchange Server 2016 CU6/2016 CU7 Outlook Web Access privilege escalation
7641| [110547] Microsoft Windows up to Server 2016 its:// Protocol information disclosure
7642| [110531] Microsoft Windows 10/Server 2016 Device Guard privilege escalation
7643| [110522] Microsoft Windows up to Server 2016 RRAS privilege escalation
7644| [110350] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
7645| [110318] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
7646| [109391] Microsoft SharePoint Enterprise Server 2016 Project Server cross site request forgery
7647| [109389] Microsoft Excel 2016 Click-to-Run memory corruption
7648| [109360] Microsoft Windows up to Server 2016 Windows Search denial of service
7649| [107759] Microsoft Windows up to Server 2016 SMB denial of service
7650| [107757] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
7651| [107756] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
7652| [107753] Microsoft Windows 10/Server 2016 SMB privilege escalation
7653| [107744] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
7654| [107741] Microsoft Outlook 2016 Secure Connection Mail information disclosure
7655| [107740] Microsoft Windows up to Server 2016 Graphics memory corruption
7656| [107739] Microsoft Windows up to Server 2016 Graphics memory corruption
7657| [107738] Microsoft Windows up to Server 2016 Search information disclosure
7658| [107734] Microsoft Windows 10/Server 2016 SMB privilege escalation
7659| [107732] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Bypass privilege escalation
7660| [107730] Microsoft Windows up to Server 2016 Search Remote memory corruption
7661| [107729] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
7662| [107728] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
7663| [107727] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
7664| [107724] Microsoft Windows up to Server 2016 Text Services Framework memory corruption
7665| [107723] Microsoft Windows up to Server 2016 SMB information disclosure
7666| [107698] Microsoft Office 2016 memory corruption
7667| [107593] InFocus Mondopad 2.2.08 Excel Spreadsheet Microsoft Office Document Credentials information disclosure
7668| [106544] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
7669| [106531] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
7670| [106529] Microsoft PowerPoint 2016 memory corruption
7671| [106523] Microsoft Windows up to Server 2016 PDF Library memory corruption
7672| [106518] Microsoft Edge on Win10/Server 2016 memory corruption
7673| [106516] Microsoft Windows up to Server 2016 PDF Library memory corruption
7674| [106498] Microsoft Windows up to Server 2016 Shell privilege escalation
7675| [106496] Microsoft Windows up to Server 2016 Uniscribe information disclosure
7676| [106495] Microsoft Windows up to Server 2012 R2 Uniscribe memory corruption
7677| [106492] Microsoft Windows Server 2012/Server 2012 R2/Server 2016 DHCP Service memory corruption
7678| [106489] Microsoft Windows up to Server 2016 Graphics Win32k win32k!fsc_CalcGrayRow memory corruption
7679| [106474] Microsoft Office 2016 memory corruption
7680| [106473] Microsoft SharePoint Server 2013 SP1 cross site scripting
7681| [106472] Microsoft Windows up to Server 2016 Bluetooth Driver Object BlueBorne spoofing
7682| [106470] Microsoft Excel 2011 on Mac memory corruption
7683| [106455] Microsoft Exchange Server 2013/2016 information disclosure
7684| [106454] Microsoft Windows up to Server 2016 Windows NetBT Session Services race condition memory corruption
7685| [105048] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
7686| [105047] Microsoft Edge on Win10/Server 2016 Scripting Engine EntryCall memory corruption
7687| [105046] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
7688| [105040] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
7689| [105038] Microsoft Edge on Win10/Server 2016 Javascript Engine Out-of-Bounds memory corruption
7690| [105037] Microsoft Edge on Win10/Server 2016 Javascript Engine PreVisitCatch memory corruption
7691| [105035] Microsoft SharePoint Server 2010 SP2 cross site scripting
7692| [105033] Microsoft Edge 38.14393.1066.0 on Win10/Server 2016 Use-After-Free information disclosure
7693| [105029] Microsoft Edge on Win10/Server 2016 Javascript Engine ProcessLinkFailedAsmJsModule memory corruption
7694| [105027] Microsoft Edge on Win10/Server 2016 _SelectValueInternal information disclosure
7695| [105024] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
7696| [105023] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
7697| [105017] Microsoft Windows up to Server 2016 Error Reporting information disclosure
7698| [105013] Microsoft Windows 10 1607/10 1703/Server 2016 Hyper-V denial of service
7699| [105011] Microsoft Windows up to Server 2016 Windows Search memory corruption
7700| [105010] Microsoft Windows up to Server 2016 Win32k memory corruption
7701| [105009] Microsoft Windows up to Server 2016 Input Method Editor memory corruption
7702| [105008] Microsoft SQL Server 2012/2014/2016 Analysis Services information disclosure
7703| [104990] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
7704| [104989] Microsoft Windows up to Server 2016 NetBIOS denial of service
7705| [104584] Microsoft Outlook up to 2016 C2R Document File privilege escalation
7706| [104583] Microsoft Outlook up to 2016 C2R Email memory corruption
7707| [104582] Microsoft Outlook up to 2016 C2R Object memory corruption
7708| [103468] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 Open Redirect
7709| [103446] Microsoft Windows up to Server 2016 Search Object privilege escalation
7710| [103445] Microsoft Windows up to Server 2016 Wordpad privilege escalation
7711| [103444] Microsoft Windows up to Server 2016 Explorer denial of service
7712| [103442] Microsoft Windows 10/Server 2016 HoloLens WiFi Packet privilege escalation
7713| [103441] Microsoft Windows up to Server 2016 Object HTTP.sys information disclosure
7714| [103431] Microsoft Windows up to Server 2016 PowerShell PSObject Object privilege escalation
7715| [103429] Microsoft Windows up to Server 2016 Kerberos weak authentication
7716| [103426] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
7717| [103425] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
7718| [103420] Microsoft Windows up to Server 2016 Kerberos Bypass privilege escalation
7719| [103417] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
7720| [102544] Microsoft Edge on Win10/Server 2016 Fetch API information disclosure
7721| [102543] Microsoft Edge on Win10/Server 2016 Javascript XML DOM Object information disclosure
7722| [102463] Microsoft Project Server 2013 SP1 cross site scripting
7723| [102460] Microsoft Outlook 2016 on Mac HTML spoofing
7724| [102448] Microsoft SharePoint Enterprise Server 2016 Reflected cross site scripting
7725| [102446] Microsoft Office up to 2016 privilege escalation
7726| [102445] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 privilege escalation
7727| [102443] Microsoft Office up to 2016 privilege escalation
7728| [102412] Microsoft Windows up to Server 2016 PDF information disclosure
7729| [102397] Microsoft Outlook 2010 SP1/2013 SP1/2016 DLL Loader privilege escalation
7730| [102396] Microsoft Office 2013 SP1/2016 DLL Loader privilege escalation
7731| [102386] Microsoft Windows up to Server 2012 R2 Uniscribe privilege escalation
7732| [102385] Microsoft Windows up to Server 2016 Font Library privilege escalation
7733| [102376] Microsoft Windows up to Server 2016 CAB File privilege escalation
7734| [102375] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
7735| [102374] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
7736| [102373] Microsoft Windows up to Server 2016 Uniscribe Font USP10!MergeLigRecords memory corruption
7737| [101817] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
7738| [101816] Microsoft Windows up to Server 2016 Malware Protection Engine setCaller memory corruption
7739| [101815] Microsoft Windows up to Server 2016 Malware Protection Engine Use-After-Free memory corruption
7740| [101814] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
7741| [101813] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
7742| [101812] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
7743| [101811] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
7744| [101810] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
7745| [101028] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
7746| [101020] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
7747| [101019] Microsoft Skype for Business 2016 memory corruption
7748| [101018] Microsoft SharePoint 2010 SP2/2013 SP1/2016 memory corruption
7749| [101016] Microsoft PowerPoint 2011 on Mac memory corruption
7750| [101015] Microsoft PowerPoint 2011 on Mac memory corruption
7751| [101014] Microsoft Office 2010 SP2/2016 memory corruption
7752| [101013] Microsoft Office 2010 SP2/2016 memory corruption
7753| [101002] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
7754| [101001] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
7755| [101000] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
7756| [100999] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
7757| [100918] Microsoft Windows 8/8.1/10/Server 2012/Server 2016 Malware Protection Service Type Confusion privilege escalation
7758| [99697] Microsoft SharePoint Server 2010 SP1/2010 SP2 Excel Services cross site scripting
7759| [99683] Microsoft Windows 10 1607/10 1703/Server 2012 R2/Server 2016 Active Directory Lockout privilege escalation
7760| [99682] Microsoft Outlook 2011 on Mac HTML Tag Validator spoofing
7761| [99681] Microsoft Windows up to Server 2016 OLE Integrity-Level Check privilege escalation
7762| [99667] Microsoft Windows 10/Server 2016 Active Directory Service Unresponsive denial of service
7763| [98272] Microsoft Windows up to 10/Server 2016 Local Session privilege escalation
7764| [98096] Microsoft Exchange 2013 SP1 privilege escalation
7765| [98095] Microsoft Lync for Mac 2011 Certificate Validation weak authentication
7766| [98094] Microsoft SharePoint Server 2013 SP1 cross site scripting
7767| [98093] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
7768| [98091] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
7769| [98090] Microsoft SharePoint Server 2010 SP2/2013 SP1 information disclosure
7770| [98089] Microsoft Office Web Apps 2013 SP1 memory corruption
7771| [98082] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 denial of service
7772| [98081] Microsoft Excel up to 2016 information disclosure
7773| [98080] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
7774| [98079] Microsoft Word 2016 memory corruption
7775| [98076] Microsoft Lync/Skype for Business 2010/2013/2016 Graphics Component privilege escalation
7776| [98075] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
7777| [98074] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
7778| [98073] Microsoft Office 2010 SP2/Word Viewer Graphics Component information disclosure
7779| [98069] Microsoft Windows up to Server 2012 R2 Color Management memory corruption
7780| [98056] Microsoft Windows up to Server 2016 DNS Query information disclosure
7781| [98054] Microsoft Windows up to Server 2016 SMBv2/SMBv3 NULL Pointer Dereference memory corruption
7782| [98017] Microsoft Windows up to Server 2016 PDF memory corruption
7783| [98015] Microsoft Windows 10/Server 2016 Hyper-V denial of service
7784| [98013] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
7785| [98007] Microsoft Windows 10/Server 2016 Hyper-V Network Switch denial of service
7786| [98006] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
7787| [96521] Microsoft Windows 8.1/10/Server 2012/Server 2016 SMB Response mrxsmb20.sys denial of service
7788| [95781] Microsoft PowerPoint 2016 Java Embedded Object privilege escalation
7789| [95125] Microsoft Word/SharePoint Enterprise Server 2016 Document privilege escalation
7790| [94451] Microsoft Office 2011 memory corruption
7791| [94447] Microsoft Office 2010 SP2 memory corruption
7792| [94446] Microsoft Office 2016 memory corruption
7793| [94444] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 OLE DLL Loader memory corruption
7794| [94443] Microsoft Office up to 2016 information disclosure
7795| [94442] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
7796| [93964] Microsoft Windows 7 Excel Starter 2010 XXE information disclosure
7797| [93543] Microsoft SQL Server 2016 FILESTREAM Path privilege escalation
7798| [93540] Microsoft Excel 2010 SP2/2011/2016 memory corruption
7799| [93416] Microsoft SQL Server 2014 SP2/2016/up to 2012 SP3 Server Agent atxcore.dll privilege escalation
7800| [93415] Microsoft SQL Server 2016 MDS API cross site scripting
7801| [93414] Microsoft SQL Server up to 2012 SP3 RDBMS Engine privilege escalation
7802| [93413] Microsoft SQL Server 2016/up to 2014 SP2 RDBMS Engine privilege escalation
7803| [93412] Microsoft SQL Server 2016 RDBMS Engine privilege escalation
7804| [93393] Microsoft Office up to 2016 memory corruption
7805| [93392] Microsoft Office up to 2016 memory corruption
7806| [93391] Microsoft Office up to 2016 memory corruption
7807| [93389] Microsoft Windows up to Server 2016 Media Foundation memory corruption
7808| [93388] Microsoft Windows up to Server 2016 Animation Manager Stylesheets memory corruption
7809| [92587] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 Transaction Manager privilege escalation
7810| [92584] Microsoft Office up to 2016 memory corruption
7811| [91571] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
7812| [91570] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
7813| [91556] Microsoft Exchange 2016 Meeting Invation cross site scripting
7814| [91555] Microsoft Exchange 2013/2016 Link spoofing
7815| [91550] Microsoft Office 2016 memory corruption
7816| [91547] Microsoft Office 2010 memory corruption
7817| [91543] Microsoft Office up to 2016 memory corruption
7818| [91541] Microsoft Office 2013/2016 APP-V ASLR privilege escalation
7819| [90711] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF privilege escalation
7820| [90710] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 Netlogon privilege escalation
7821| [90704] Microsoft Office 2013/2013 RT/2016 memory corruption
7822| [89043] Microsoft Office up to 2016 memory corruption
7823| [89041] Microsoft Office up to 2016 memory corruption
7824| [89040] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 memory corruption
7825| [89038] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Security Feature privilege escalation
7826| [89037] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
7827| [87961] Microsoft Windows up to Server 2012 R2 Search denial of service
7828| [87959] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
7829| [87958] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF memory corruption
7830| [87957] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
7831| [87956] Microsoft Exchange 2013/2016 Oracle Outside In Libraries information disclosure
7832| [87944] Microsoft Windows Server 2012/Server 2012 R2 Virtual PCI Memory information disclosure
7833| [87940] Microsoft Windows Server 2012/Server 2012 R2 DNS Server Use-After-Free memory corruption
7834| [87936] Microsoft Office up to 2016 memory corruption
7835| [87166] Microsoft Windows up to Server 2012 R2 DirectX Graphics Kernel Subsystem privilege escalation
7836| [87156] Microsoft Windows 8.1/10/RT 8.1/Server 2012 R2 Shell memory corruption
7837| [87149] Microsoft Office up to 2016 memory corruption
7838| [87148] Microsoft Office 2010 Graphics memory corruption
7839| [87146] Microsoft Office 2011/2013/2013 RT/2016 memory corruption
7840| [82229] Microsoft Excel 2010 SP2 Office Document memory corruption
7841| [82223] Microsoft Windows 8.1/10/Server 2012 R2 Hyper-V Memory information disclosure
7842| [82222] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Memory information disclosure
7843| [82221] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Hyper-V privilege escalation
7844| [81274] Microsoft Office up to 2016 memory corruption
7845| [81270] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library memory corruption
7846| [81269] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
7847| [81268] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
7848| [80886] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
7849| [80885] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP memory corruption
7850| [80878] Microsoft Windows Server 2012 R2 Active Directory Federation Service denial of service
7851| [80874] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP privilege escalation
7852| [80870] Microsoft Office up to 2016 memory corruption
7853| [80868] Microsoft Office up to 2016 memory corruption
7854| [80867] Microsoft Office up to 2016 memory corruption
7855| [80865] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 DLL Loader memory corruption
7856| [80860] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Reader memory corruption
7857| [80859] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
7858| [80231] Microsoft Excel up to 2016 Office Document memory corruption
7859| [80229] Microsoft Exchange Server 2013 CU 10/2013 CU 11/2013 SP1/2016 Outlook Web Access cross site scripting
7860| [80228] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
7861| [80227] Microsoft Exchange Server 2013 CU 10/2013 SP1/2016 Outlook Web Access cross site scripting
7862| [80226] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
7863| [80218] Microsoft Office up to 2016 ASLR privilege escalation
7864| [80217] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
7865| [80216] Microsoft Office up to 2016 Office Document memory corruption
7866| [80206] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
7867| [128763] Microsoft Exchange Server 2016 CU10/2016 CU11/2019 memory corruption
7868| [79508] Microsoft Windows up to Server 2012 R2 Library Loader memory corruption
7869| [79500] Microsoft Office 2010/2011/2016 memory corruption
7870| [79183] Microsoft Windows up to Server 2012 R2 IPsec denial of service
7871| [79173] Microsoft Windows up to Server 2012 R2 Graphics information disclosure
7872| [79117] Microsoft Outlook 2011/2016 on Mac HTML spoofing
7873| [78375] Microsoft SharePoint Server/SharePoint Foundation 2013 SP1 cross site scripting
7874| [77645] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
7875| [77644] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
7876| [77638] Microsoft Lync Server 2013 cross site scripting
7877| [77628] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
7878| [77612] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access Stack-Based information disclosure
7879| [77050] Microsoft Office up to 2016 memory corruption
7880| [77037] Microsoft Windows Server 2012/Server 2012 R2 System Center Operations Manager cross site scripting
7881| [76461] Microsoft Windows up to Server 2012 R2 Domain-Controller Communication Credentials information disclosure
7882| [76460] Microsoft Windows 7 SP1/8/Server 2012 RDP Server Service memory corruption
7883| [76448] Microsoft Windows 8.1/Server 2012 R2 Hyper-V memory corruption
7884| [75793] Microsoft Exchange Server 2013 CU8 cross site scripting
7885| [75792] Microsoft Exchange Server 2013 SP1 CU8 cross site request forgery
7886| [75791] Microsoft Office 2013 SP1 Office Document Uninitialized Memory memory corruption
7887| [75787] Microsoft Exchange Server 2013 SP1 CU8 Same Origin Policy privilege escalation
7888| [75786] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
7889| [66976] Microsoft Access 2010 VBA Datatype denial of service
7890| [74848] Microsoft SharePoint Foundation/SharePoint Server 2013 SP1 cross site scripting
7891| [74842] Microsoft Windows 8.1/Server 2012 R2 Hyper-V denial of service
7892| [74836] Microsoft Project Server 2010 SP2/2013 SP1 cross site scripting
7893| [74835] Microsoft Office 2011 on Mac Use-After-Free cross site scripting
7894| [74834] Microsoft Windows Server 2012 R2 Active Directory Federation Services 3.0 privilege escalation
7895| [74833] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 HTTP Request HTTP.sys privilege escalation
7896| [74393] Microsoft SharePoint Server 2013 Foundation cross site scripting
7897| [73967] Microsoft Office up to 2013 SP1 Office File memory corruption
7898| [73966] Microsoft Office up to 2013 SP1 RTF File memory corruption
7899| [73965] Microsoft Office up to 2013 SP1 Use-After-Free memory corruption
7900| [73961] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 Remote Desktop Protocol Object Management denial of service
7901| [69162] Microsoft System Center Virtual Machine Manager 2012 privilege escalation
7902| [69160] Microsoft Windows up to Server 2012 Process privilege escalation
7903| [69156] Microsoft Office 2010 Object memory corruption
7904| [68593] Microsoft Windows up to Server 2012 Network Location Awareness Service privilege escalation
7905| [68417] Microsoft Exchange 2013 Outlook Web Access Token spoofing
7906| [68191] Microsoft SharePoint 2010 cross site scripting
7907| [67828] Microsoft ASP.NET MVC 2/3/4/5/5.1 System.Web.Mvc.dll cross site scripting
7908| [67518] Microsoft Lync 2013 denial of service
7909| [67517] Microsoft Lync 2013 Script Reflected cross site scripting
7910| [67516] Microsoft Lync 2010/2013 denial of service
7911| [67362] Microsoft Windows up to Server 2012 R2 Remote Procedure Call privilege escalation
7912| [67360] Microsoft SharePoint 2013 App Permission Management cross site scripting
7913| [13549] Microsoft Windows 7/8/8.1/Server 2012 Remote Desktop Protocol weak encryption
7914| [13547] Microsoft Lync 2010/2013 Meeting cross site scripting
7915| [13228] Microsoft Office 2013 Document privilege escalation
7916| [68577] Microsoft ASP.NET 2014.3.1209 Telerik UI RadAsyncUpload directory traversal
7917| [12267] Microsoft Forefront Security for Exchange Server 2010 Mail memory corruption
7918| [12263] Microsoft Windows up to Server 2012 Direct2D 2D Geometric Figure memory corruption
7919| [12238] Microsoft Windows 8/RT/Server 2012 IPv6 denial of service
7920| [12185] Microsoft .NET Framework 2/4 HMAC weak authentication
7921| [12183] Microsoft .NET Framework 2/4 DTD denial of service
7922| [11673] Microsoft Windows Live Movie Maker 2011 WAV File denial of service
7923| [11468] Microsoft Exchange 2010/2013 cross site scripting
7924| [11466] Microsoft Office 2013 File Response information disclosure
7925| [11457] Microsoft SharePoint Server/Office Web Apps 2010 SP1/2010 SP2/2013 W3WP Service Account privilege escalation
7926| [11150] Microsoft Windows 8/Server 2012 Hyper-V Data Structure Value Crash privilege escalation
7927| [11004] Microsoft Windows Server 2012 R2 RDP Restricted Admin Mode weak authentication
7928| [10250] Microsoft SharePoint Server up to 2013 W3WP Process denial of service
7929| [10249] Microsoft SharePoint 2010/2003/2007/2.0/3.0 Workflow memory corruption
7930| [10248] Microsoft SharePoint Server up to 2013 cross site scripting
7931| [9943] Microsoft Windows Server 2012 NAT Driver ICMP Packet denial of service
7932| [8739] Microsoft Windows Essentials up to 2012 Windows Writer Eingabe information disclosure
7933| [8725] Microsoft Lync 2010/2013 Use-After-Free memory corruption
7934| [8722] Microsoft Windows 8/RT/Server 2012 HTTP.sys denial of service
7935| [8206] Microsoft SharePoint Server 2010 SP1 HTML Sanitization Component cross site scripting
7936| [8203] Microsoft Windows up to 2012 AD LDAP Query denial of service
7937| [8200] Microsoft SharePoint Server 2013 ACL information disclosure
7938| [7971] Microsoft Office for Mac 2011 up to 14.3.1 on Mac HTML5 Mail Message Parser File information disclosure
7939| [7969] Microsoft OneNote 2010 SP1 ONE File information disclosure
7940| [7968] Microsoft SharePoint Server 2010 SP1 Input Validator Eingabe Crash denial of service
7941| [7967] Microsoft SharePoint Server 2010 SP1 User Account Eingabe Crash information disclosure
7942| [7966] Microsoft SharePoint Server 2010 SP1 Eingabe Crash cross site scripting
7943| [7965] Microsoft SharePoint Server 2010 SP1 User Account Callback URL privilege escalation
7944| [7964] Microsoft Visio 2010 Tree Object Type File memory corruption
7945| [7343] Microsoft Lync 2012 HTTP Format String
7946| [7258] Microsoft Windows up to 8/Server 2012 SSL/TLS race condition
7947| [7230] Microsoft Excel 2010 SP1 on 32-bit XLS File Formatting Information Crash denial of service
7948| [6831] Microsoft Office Picture Manager 2010 File memory corruption
7949| [62720] EMC NetWorker Module for Microsoft Applications up to 2.2.0 memory corruption
7950| [6624] Microsoft SQL Server up to 2012 Report Manager cross site scripting
7951| [62238] Microsoft Visual Studio Team Foundation Server 2010 cross site scripting
7952| [5946] Microsoft Visio/Visio Viewer up to 2010 SP1 File memory corruption
7953| [5644] Microsoft SharePoint 2010 scriptesx.ashx cross site scripting
7954| [5641] Microsoft SharePoint 2010 cross site scripting
7955| [60943] Microsoft Dynamics AX 2012 Enterprise Portal cross site scripting
7956| [12311] Microsoft Lync 2010 Search race condition
7957| [60570] Microsoft Forefront Unified Access Gateway 2010 information disclosure
7958| [60569] Microsoft Forefront Unified Access Gateway 2010 spoofing
7959| [60208] Microsoft Visio Viewer 2010 memory corruption
7960| [60207] Microsoft Visio Viewer 2010 memory corruption
7961| [60206] Microsoft Visio Viewer 2010 memory corruption
7962| [4640] Microsoft SharePoint 2010 inplview.aspx cross site scripting
7963| [4636] Microsoft SharePoint 2010 wizardlist.aspx cross site scripting
7964| [4635] Microsoft SharePoint 2010 themeweb.aspx cross site scripting
7965| [59008] Microsoft Forefront Unified Access Gateway 2010 Crash denial of service
7966| [58995] Microsoft Forefront Unified Access Gateway 2010 memory corruption
7967| [58994] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
7968| [58993] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
7969| [4424] Microsoft Host Integration Server up to 2010 denial of service
7970| [4420] Microsoft Forefront Unified Access Gateway 2010 memory corruption
7971| [58487] Microsoft SharePoint Foundation 2010 cross site scripting
7972| [58486] Microsoft SharePoint Foundation 2010 Reflected cross site scripting
7973| [58485] Microsoft SharePoint Foundation 2010 EditForm.aspx cross site scripting
7974| [4414] Microsoft SharePoint 2010 cross site scripting
7975| [4413] Microsoft SharePoint 2010/2007/3.0 XML/XLS unknown vulnerability
7976| [91971] Microsoft Skype 2.2.x/5.2.x/5.3.x denial of service
7977| [57693] Microsoft Forefront Threat Management Gateway 2010 NSPLookupServiceNext memory corruption
7978| [56028] Microsoft Data Access Components 2.8 memory corruption
7979| [55777] Microsoft Windows Movie Maker 2.6 memory corruption
7980| [55424] Microsoft Forefront Unified Access Gateway 2010 Signurl.asp cross site scripting
7981| [55415] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
7982| [55414] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
7983| [55413] Microsoft Forefront Unified Access Gateway 2010 spoofing
7984| [54341] Microsoft Windows Movie Maker 2.1 memory corruption
7985| [54549] Microsoft PowerPoint 2010 pptimpconv.dll memory corruption
7986| [4009] Microsoft NET Framework 2.x/3.x denial of service
7987| [45681] Microsoft Internet Explorer 8 Beta 2 privilege escalation
7988| [45449] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
7989| [45448] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
7990| [45446] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
7991| [2927] Microsoft Data Access Components 2.x ADODB.Connection ActiveX Control memory corruption
7992| [32692] Microsoft XML Core Services up to 2.6 memory corruption
7993| [32691] Microsoft XML Core Services up to 2.6 memory corruption
7994|
7995| MITRE CVE - https://cve.mitre.org:
7996| [CVE-2013-3661] The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
7997| [CVE-2013-3660] The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
| [CVE-2013-3174] DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
| [CVE-2013-3173] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
| [CVE-2013-3172] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system hang) via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
| [CVE-2013-3171] The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."
| [CVE-2013-3167] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Information Disclosure Vulnerability."
| [CVE-2013-3154] The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."
| [CVE-2013-3138] Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
| [CVE-2013-3136] The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
| [CVE-2013-3134] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array Allocation Vulnerability."
| [CVE-2013-3133] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability."
| [CVE-2013-3132] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability."
| [CVE-2013-3131] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability."
| [CVE-2013-1345] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
| [CVE-2013-1340] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
| [CVE-2013-1339] The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."
| [CVE-2013-1336] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."
| [CVE-2013-1335] Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."
| [CVE-2013-1334] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
| [CVE-2013-1332] dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
| [CVE-2013-1331] Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
| [CVE-2013-1329] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."
| [CVE-2013-1328] Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."
| [CVE-2013-1327] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."
| [CVE-2013-1323] Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."
| [CVE-2013-1322] Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."
| [CVE-2013-1321] Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability."
| [CVE-2013-1320] Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."
| [CVE-2013-1319] Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."
| [CVE-2013-1318] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."
| [CVE-2013-1317] Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."
| [CVE-2013-1316] Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."
| [CVE-2013-1302] Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."
| [CVE-2013-1301] Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
| [CVE-2013-1300] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
| [CVE-2013-1295] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."
| [CVE-2013-1294] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
| [CVE-2013-1293] The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application that leverages improper handling of objects in memory, aka "NTFS NULL Pointer Dereference Vulnerability."
| [CVE-2013-1292] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
| [CVE-2013-1291] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
| [CVE-2013-1287] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
| [CVE-2013-1286] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
| [CVE-2013-1285] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
| [CVE-2013-1283] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
| [CVE-2013-1281] The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability."
| [CVE-2013-1280] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
| [CVE-2013-1279] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
| [CVE-2013-1278] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
| [CVE-2013-1277] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1276] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1275] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1274] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1273] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1272] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1271] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1270] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1269] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1268] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1267] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1266] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1265] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1264] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1263] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1262] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1261] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1260] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1259] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1258] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1257] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1256] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1255] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1254] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1253] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1252] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1251] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1250] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1249] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1248] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-0095] Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability."
| [CVE-2013-0077] Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
| [CVE-2013-0076] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."
| [CVE-2013-0075] The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
| [CVE-2013-0073] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."
| [CVE-2013-0013] The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
| [CVE-2013-0011] The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability."
| [CVE-2013-0010] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.
| [CVE-2013-0009] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
| [CVE-2013-0008] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
| [CVE-2013-0004] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
| [CVE-2013-0003] Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."
| [CVE-2013-0002] Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
| [CVE-2013-0001] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
| [CVE-2012-5672] Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.
| [CVE-2012-4791] Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
| [CVE-2012-4786] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
| [CVE-2012-4776] The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."
| [CVE-2012-4774] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."
| [CVE-2012-2897] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
8095| [CVE-2012-2556] The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
8096| [CVE-2012-2553] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
8097| [CVE-2012-2552] Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."
8098| [CVE-2012-2551] The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability."
8099| [CVE-2012-2543] Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1
8100| [CVE-2012-2539] Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
8101| [CVE-2012-2536] Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
8102| [CVE-2012-2530] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
8103| [CVE-2012-2529] Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability."
8104| [CVE-2012-2528] Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
8105| [CVE-2012-2527] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
8106| [CVE-2012-2524] Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability."
8107| [CVE-2012-2520] Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
8108| [CVE-2012-2519] Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
8109| [CVE-2012-1896] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."
8110| [CVE-2012-1895] The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
8111| [CVE-2012-1893] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."
8112| [CVE-2012-1890] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."
8113| [CVE-2012-1887] Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."
8114| [CVE-2012-1886] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
8115| [CVE-2012-1885] Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
8116| [CVE-2012-1870] The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."
8117| [CVE-2012-1867] Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
8118| [CVE-2012-1866] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability."
8119| [CVE-2012-1865] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.
8120| [CVE-2012-1864] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.
8121| [CVE-2012-1863] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
8122| [CVE-2012-1862] Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
8123| [CVE-2012-1860] Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
8124| [CVE-2012-1858] The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
8125| [CVE-2012-1856] The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
8126| [CVE-2012-1855] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."
8127| [CVE-2012-1854] Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
8128| [CVE-2012-1851] Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."
8129| [CVE-2012-1850] The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."
8130| [CVE-2012-1848] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
8131| [CVE-2012-1847] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
8132| [CVE-2012-1537] Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
8133| [CVE-2012-1528] Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
8134| [CVE-2012-1527] Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
8135| [CVE-2012-1459] The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
8136| [CVE-2012-1457] The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
8137| [CVE-2012-1453] The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
8138| [CVE-2012-1443] The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
8139| [CVE-2012-1420] The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
8140| [CVE-2012-1194] The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
8141| [CVE-2012-0185] Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
8142| [CVE-2012-0184] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
8143| [CVE-2012-0183] Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
8144| [CVE-2012-0182] Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
8145| [CVE-2012-0181] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
8146| [CVE-2012-0180] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
8147| [CVE-2012-0179] Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."
8148| [CVE-2012-0178] Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability."
8149| [CVE-2012-0177] Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
8150| [CVE-2012-0175] The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."
8151| [CVE-2012-0174] Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
8152| [CVE-2012-0173] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
8153| [CVE-2012-0167] Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."
8154| [CVE-2012-0165] GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
8155| [CVE-2012-0163] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
8156| [CVE-2012-0161] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
8157| [CVE-2012-0160] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
8158| [CVE-2012-0159] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
8159| [CVE-2012-0158] The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
8160| [CVE-2012-0157] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
8161| [CVE-2012-0156] DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
8162| [CVE-2012-0154] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
8163| [CVE-2012-0152] The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."
8164| [CVE-2012-0151] The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
8165| [CVE-2012-0150] Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
8166| [CVE-2012-0149] afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
8167| [CVE-2012-0148] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
8168| [CVE-2012-0143] Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability."
8169| [CVE-2012-0142] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
8170| [CVE-2012-0141] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
8171| [CVE-2012-0015] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."
8172| [CVE-2012-0014] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
8173| [CVE-2012-0013] Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
8174| [CVE-2012-0009] Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."
8175| [CVE-2012-0008] Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."
8176| [CVE-2012-0006] The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."
8177| [CVE-2012-0005] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
8178| [CVE-2012-0004] Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
8179| [CVE-2012-0003] Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
8180| [CVE-2012-0002] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
8181| [CVE-2012-0001] The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."
8182| [CVE-2011-5046] The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
8183| [CVE-2011-4434] Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
8184| [CVE-2011-3417] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
8185| [CVE-2011-3416] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
8186| [CVE-2011-3415] Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
8187| [CVE-2011-3414] The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
8188| [CVE-2011-3413] Microsoft PowerPoint 2007 SP2
8189| [CVE-2011-3412] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
8190| [CVE-2011-3411] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
8191| [CVE-2011-3410] Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability."
8192| [CVE-2011-3408] Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability."
8193| [CVE-2011-3406] Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."
8194| [CVE-2011-3403] Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
8195| [CVE-2011-3402] Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
8196| [CVE-2011-3400] Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
8197| [CVE-2011-3397] The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
8198| [CVE-2011-3396] Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."
8199| [CVE-2011-2019] Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
8200| [CVE-2011-2018] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
8201| [CVE-2011-2016] Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."
8202| [CVE-2011-2014] The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
8203| [CVE-2011-2013] Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."
8204| [CVE-2011-2011] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
8205| [CVE-2011-2008] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
8206| [CVE-2011-2007] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."
8207| [CVE-2011-2005] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
8208| [CVE-2011-2004] Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.
8209| [CVE-2011-2003] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability."
8210| [CVE-2011-2002] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."
8211| [CVE-2011-1991] Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability."
8212| [CVE-2011-1990] Microsoft Excel 2007 SP2
8213| [CVE-2011-1989] Microsoft Excel 2003 SP3 and 2007 SP2
8214| [CVE-2011-1988] Microsoft Excel 2003 SP3 and 2007 SP2
8215| [CVE-2011-1987] Array index error in Microsoft Excel 2003 SP3 and 2007 SP2
8216| [CVE-2011-1986] Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
8217| [CVE-2011-1985] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
8218| [CVE-2011-1984] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
8219| [CVE-2011-1983] Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."
8220| [CVE-2011-1982] Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."
8221| [CVE-2011-1980] Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
8222| [CVE-2011-1979] Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
8223| [CVE-2011-1978] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."
8224| [CVE-2011-1976] Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
8225| [CVE-2011-1975] Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
8226| [CVE-2011-1974] NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
8227| [CVE-2011-1972] Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
8228| [CVE-2011-1971] The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."
8229| [CVE-2011-1970] The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability."
8230| [CVE-2011-1968] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka "Remote Desktop Protocol Vulnerability."
8231| [CVE-2011-1967] Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."
8232| [CVE-2011-1966] The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."
8233| [CVE-2011-1965] Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
8234| [CVE-2011-1894] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
8235| [CVE-2011-1893] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
8236| [CVE-2011-1892] Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
8237| [CVE-2011-1888] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
8238| [CVE-2011-1887] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
8239| [CVE-2011-1885] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
8240| [CVE-2011-1884] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
8241| [CVE-2011-1883] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
8242| [CVE-2011-1882] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
8243| [CVE-2011-1881] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
8244| [CVE-2011-1880] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
8245| [CVE-2011-1879] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
8246| [CVE-2011-1878] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
8247| [CVE-2011-1877] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
8248| [CVE-2011-1876] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
8249| [CVE-2011-1875] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
8250| [CVE-2011-1874] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
8251| [CVE-2011-1873] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
8252| [CVE-2011-1872] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
8253| [CVE-2011-1871] Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of Service Vulnerability."
8254| [CVE-2011-1870] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability."
8255| [CVE-2011-1869] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."
8256| [CVE-2011-1868] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
8257| [CVE-2011-1508] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."
8258| [CVE-2011-1284] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutput Vulnerability."
8259| [CVE-2011-1283] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and write operations, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability."
8260| [CVE-2011-1282] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability."
8261| [CVE-2011-1281] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a process, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability."
8262| [CVE-2011-1280] The XML Editor in Microsoft InfoPath 2007 SP2 and 2010
8263| [CVE-2011-1279] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds WriteAV Vulnerability."
8264| [CVE-2011-1278] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel WriteAV Vulnerability."
8265| [CVE-2011-1277] Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
8266| [CVE-2011-1276] Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
8267| [CVE-2011-1275] Microsoft Excel 2002 SP3
8268| [CVE-2011-1274] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
8269| [CVE-2011-1273] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
8270| [CVE-2011-1272] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
8271| [CVE-2011-1270] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."
8272| [CVE-2011-1269] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
8273| [CVE-2011-1268] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."
8274| [CVE-2011-1267] The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability."
8275| [CVE-2011-1264] Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."
8276| [CVE-2011-1263] Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability."
8277| [CVE-2011-1253] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."
8278| [CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
8279| [CVE-2011-1249] The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
8280| [CVE-2011-1248] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."
8281| [CVE-2011-1247] Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."
8282| [CVE-2011-1242] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8283| [CVE-2011-1241] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8284| [CVE-2011-1240] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8285| [CVE-2011-1239] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8286| [CVE-2011-1238] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8287| [CVE-2011-1237] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8288| [CVE-2011-1236] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8289| [CVE-2011-1235] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8290| [CVE-2011-1234] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8291| [CVE-2011-1233] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
8292| [CVE-2011-1232] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
8293| [CVE-2011-1231] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
8294| [CVE-2011-1230] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
8295| [CVE-2011-1229] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
8296| [CVE-2011-1228] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
8297| [CVE-2011-1227] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
8298| [CVE-2011-1226] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
8299| [CVE-2011-1225] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
8300| [CVE-2011-0980] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
8301| [CVE-2011-0979] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
8302| [CVE-2011-0978] Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
8303| [CVE-2011-0977] Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
8304| [CVE-2011-0976] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
8305| [CVE-2011-0677] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
8306| [CVE-2011-0676] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
8307| [CVE-2011-0675] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8308| [CVE-2011-0674] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8309| [CVE-2011-0672] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8310| [CVE-2011-0671] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8311| [CVE-2011-0670] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8312| [CVE-2011-0667] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8313| [CVE-2011-0666] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8314| [CVE-2011-0665] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8315| [CVE-2011-0664] Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."
8316| [CVE-2011-0662] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8317| [CVE-2011-0661] The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."
8318| [CVE-2011-0660] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."
8319| [CVE-2011-0658] Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka "OLE Automation Underflow Vulnerability."
8320| [CVE-2011-0657] DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
8321| [CVE-2011-0656] Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010
8322| [CVE-2011-0655] Microsoft PowerPoint 2007 SP2 and 2010
8323| [CVE-2011-0654] Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
8324| [CVE-2011-0107] Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."
8325| [CVE-2011-0105] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
8326| [CVE-2011-0104] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability."
8327| [CVE-2011-0103] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability."
8328| [CVE-2011-0101] Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, doubly-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability."
8329| [CVE-2011-0098] Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
8330| [CVE-2011-0097] Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
8331| [CVE-2011-0096] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
8332| [CVE-2011-0093] ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
8333| [CVE-2011-0092] The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
8334| [CVE-2011-0091] Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
8335| [CVE-2011-0090] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
8336| [CVE-2011-0089] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability."
8337| [CVE-2011-0088] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability."
8338| [CVE-2011-0087] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability."
8339| [CVE-2011-0086] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."
8340| [CVE-2011-0043] Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."
8341| [CVE-2011-0042] SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."
8342| [CVE-2011-0041] Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."
| [CVE-2011-0040] The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."
| [CVE-2011-0039] The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
| [CVE-2011-0034] Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
| [CVE-2011-0033] The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."
| [CVE-2011-0032] Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."
| [CVE-2011-0031] The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."
| [CVE-2011-0030] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.
| [CVE-2011-0028] WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."
| [CVE-2010-5082] Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
| [CVE-2010-4701] Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.
| [CVE-2010-4669] The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package.
| [CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
| [CVE-2010-4398] Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
| [CVE-2010-4182] Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown
| [CVE-2010-3974] fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."
| [CVE-2010-3970] Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
| [CVE-2010-3966] Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."
| [CVE-2010-3965] Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."
| [CVE-2010-3964] Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
| [CVE-2010-3963] Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."
| [CVE-2010-3961] The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."
| [CVE-2010-3960] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."
| [CVE-2010-3959] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."
| [CVE-2010-3958] The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
| [CVE-2010-3957] Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."
| [CVE-2010-3956] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."
| [CVE-2010-3955] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."
| [CVE-2010-3954] Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."
| [CVE-2010-3946] Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."
| [CVE-2010-3945] Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."
| [CVE-2010-3944] win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
| [CVE-2010-3943] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."
| [CVE-2010-3942] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."
| [CVE-2010-3941] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability."
| [CVE-2010-3940] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."
| [CVE-2010-3939] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."
| [CVE-2010-3937] Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
| [CVE-2010-3338] The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.
| [CVE-2010-3337] Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.
| [CVE-2010-3336] Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."
| [CVE-2010-3335] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability."
| [CVE-2010-3334] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."
| [CVE-2010-3333] Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
| [CVE-2010-3332] Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
| [CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
| [CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
| [CVE-2010-3242] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."
| [CVE-2010-3241] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."
| [CVE-2010-3240] Microsoft Excel 2002 SP3 and 2007 SP2
| [CVE-2010-3239] Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."
| [CVE-2010-3238] Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
| [CVE-2010-3237] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."
| [CVE-2010-3236] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."
| [CVE-2010-3235] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."
| [CVE-2010-3234] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."
| [CVE-2010-3233] Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."
| [CVE-2010-3232] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2010-3231] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
| [CVE-2010-3230] Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
| [CVE-2010-3229] The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."
| [CVE-2010-3227] Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."
| [CVE-2010-3223] The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."
| [CVE-2010-3222] Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability."
| [CVE-2010-3221] Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."
| [CVE-2010-3220] Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."
| [CVE-2010-3219] Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."
| [CVE-2010-3218] Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."
| [CVE-2010-3217] Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."
| [CVE-2010-3216] Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."
| [CVE-2010-3215] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."
| [CVE-2010-3214] Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2010-3213] Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
| [CVE-2010-3200] MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc.
| [CVE-2010-3190] Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1
| [CVE-2010-3148] Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
| [CVE-2010-3147] Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
| [CVE-2010-3146] Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."
| [CVE-2010-3144] Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."
| [CVE-2010-3142] Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
| [CVE-2010-2750] Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."
| [CVE-2010-2748] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."
| [CVE-2010-2747] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability."
| [CVE-2010-2746] Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."
| [CVE-2010-2744] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
| [CVE-2010-2742] The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability."
| [CVE-2010-2741] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability."
| [CVE-2010-2740] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability."
| [CVE-2010-2739] Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.
| [CVE-2010-2738] The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
| [CVE-2010-2729] The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."
| [CVE-2010-2728] Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."
| [CVE-2010-2573] Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."
| [CVE-2010-2572] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
| [CVE-2010-2571] Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."
| [CVE-2010-2570] Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability."
| [CVE-2010-2569] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."
| [CVE-2010-2568] Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
| [CVE-2010-2567] The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."
| [CVE-2010-2566] The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
| [CVE-2010-2563] The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."
8443| [CVE-2010-2562] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."
8444| [CVE-2010-2555] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."
8445| [CVE-2010-2554] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
| [CVE-2010-2552] Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."
| [CVE-2010-2551] The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability."
| [CVE-2010-2550] The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
| [CVE-2010-2549] Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."
| [CVE-2010-2265] Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
| [CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
| [CVE-2010-2084] Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
| [CVE-2010-1903] Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."
| [CVE-2010-1902] Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1901] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1900] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1898] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
| [CVE-2010-1897] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
| [CVE-2010-1896] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability."
| [CVE-2010-1895] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability."
| [CVE-2010-1894] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
| [CVE-2010-1893] Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability."
| [CVE-2010-1892] The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability."
| [CVE-2010-1891] The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."
| [CVE-2010-1890] The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."
| [CVE-2010-1889] Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."
| [CVE-2010-1887] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."
| [CVE-2010-1886] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."
| [CVE-2010-1885] The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
| [CVE-2010-1883] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."
| [CVE-2010-1882] Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability."
| [CVE-2010-1881] The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."
| [CVE-2010-1880] Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
| [CVE-2010-1735] The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
| [CVE-2010-1734] The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
| [CVE-2010-1690] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
| [CVE-2010-1689] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
| [CVE-2010-1263] Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
| [CVE-2010-1257] Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2
| [CVE-2010-1255] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."
| [CVE-2010-1253] Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2
| [CVE-2010-1252] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."
| [CVE-2010-1251] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."
| [CVE-2010-1250] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability."
| [CVE-2010-1249] Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.
| [CVE-2010-1248] Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
| [CVE-2010-1247] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.
| [CVE-2010-1246] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."
| [CVE-2010-1245] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.
| [CVE-2010-1225] The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
| [CVE-2010-1175] Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."
| [CVE-2010-0917] Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
| [CVE-2010-0824] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.
| [CVE-2010-0823] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
| [CVE-2010-0822] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."
| [CVE-2010-0821] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
| [CVE-2010-0820] Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2
| [CVE-2010-0819] Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
| [CVE-2010-0818] The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability."
| [CVE-2010-0817] Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
| [CVE-2010-0815] VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."
| [CVE-2010-0814] The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
| [CVE-2010-0812] Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."
| [CVE-2010-0811] Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
| [CVE-2010-0810] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2010-0719] An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.
| [CVE-2010-0487] The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
| [CVE-2010-0486] The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
| [CVE-2010-0485] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
| [CVE-2010-0484] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."
| [CVE-2010-0483] vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
| [CVE-2010-0482] The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability."
| [CVE-2010-0481] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."
| [CVE-2010-0480] Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
| [CVE-2010-0479] Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability."
| [CVE-2010-0478] Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."
| [CVE-2010-0477] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
| [CVE-2010-0476] The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."
| [CVE-2010-0278] A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
| [CVE-2010-0270] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."
| [CVE-2010-0269] The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."
| [CVE-2010-0268] Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."
| [CVE-2010-0266] Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
| [CVE-2010-0265] Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
| [CVE-2010-0264] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
| [CVE-2010-0263] Microsoft Office Excel 2007 SP1 and SP2
| [CVE-2010-0262] Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
| [CVE-2010-0261] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."
| [CVE-2010-0260] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2
| [CVE-2010-0258] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2010-0257] Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
| [CVE-2010-0256] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
| [CVE-2010-0254] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
| [CVE-2010-0252] The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
| [CVE-2010-0250] Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."
8536| [CVE-2010-0249] Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4
8537| [CVE-2010-0243] Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."
8538| [CVE-2010-0242] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability."
8539| [CVE-2010-0241] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability."
8540| [CVE-2010-0240] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability."
8541| [CVE-2010-0239] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
8542| [CVE-2010-0238] Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."
8543| [CVE-2010-0237] The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."
8544| [CVE-2010-0236] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
8545| [CVE-2010-0235] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."
8546| [CVE-2010-0234] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."
8547| [CVE-2010-0233] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."
8548| [CVE-2010-0232] The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2010-0231] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
| [CVE-2010-0035] The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability."
| [CVE-2010-0034] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability."
| [CVE-2010-0033] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
| [CVE-2010-0032] Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
| [CVE-2010-0031] Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."
| [CVE-2010-0030] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."
| [CVE-2010-0029] Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
| [CVE-2010-0028] Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
| [CVE-2010-0027] The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
| [CVE-2010-0026] The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability."
| [CVE-2010-0025] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
| [CVE-2010-0024] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
| [CVE-2010-0023] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability."
| [CVE-2010-0022] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
| [CVE-2010-0021] Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."
| [CVE-2010-0020] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."
| [CVE-2010-0018] Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4
| [CVE-2010-0017] Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."
| [CVE-2010-0016] The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
| [CVE-2009-4313] ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
| [CVE-2009-4312] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
| [CVE-2009-4311] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.
| [CVE-2009-4310] Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
| [CVE-2009-4309] Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
| [CVE-2009-4210] The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
| [CVE-2009-3830] The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
| [CVE-2009-3678] Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
| [CVE-2009-3677] The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."
| [CVE-2009-3676] The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
| [CVE-2009-3675] LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."
| [CVE-2009-3450] Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.
| [CVE-2009-3135] Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
| [CVE-2009-3134] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3133] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."
| [CVE-2009-3132] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3131] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3130] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."
| [CVE-2009-3129] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3128] Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
| [CVE-2009-3127] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."
| [CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
| [CVE-2009-3103] Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
| [CVE-2009-3020] win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
| [CVE-2009-2653] ** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.'
| [CVE-2009-2532] Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability."
| [CVE-2009-2526] Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."
| [CVE-2009-2524] Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (reboot) via a malformed packet, aka "Local Security Authority Subsystem Service Integer Overflow Vulnerability."
| [CVE-2009-2523] The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
| [CVE-2009-2519] The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."
| [CVE-2009-2517] The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2009-2516] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."
| [CVE-2009-2515] Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."
| [CVE-2009-2514] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."
| [CVE-2009-2513] The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
| [CVE-2009-2511] Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
| [CVE-2009-2510] The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
| [CVE-2009-2509] Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability."
| [CVE-2009-2508] The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."
| [CVE-2009-2507] A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability."
| [CVE-2009-2506] Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3
| [CVE-2009-2505] The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."
| [CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
| [CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
| [CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
| [CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
| [CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
| [CVE-2009-2498] Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."
| [CVE-2009-2497] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
| [CVE-2009-2496] Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability."
| [CVE-2009-2495] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
| [CVE-2009-2494] The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."
| [CVE-2009-2493] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1
| [CVE-2009-1930] The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
| [CVE-2009-1929] Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2
| [CVE-2009-1928] Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2
| [CVE-2009-1926] Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."
8626| [CVE-2009-1925] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."
8627| [CVE-2009-1924] Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
8628| [CVE-2009-1923] Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."
8629| [CVE-2009-1922] The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."
8630| [CVE-2009-1546] Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
8631| [CVE-2009-1545] Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."
8632| [CVE-2009-1544] Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
8633| [CVE-2009-1542] The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
8634| [CVE-2009-1539] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
8635| [CVE-2009-1538] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
8636| [CVE-2009-1537] Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
8637| [CVE-2009-1536] ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
8638| [CVE-2009-1534] Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."
8639| [CVE-2009-1533] Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
8640| [CVE-2009-1491] McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.
8641| [CVE-2009-1216] Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA)
8642| [CVE-2009-1141] Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."
8643| [CVE-2009-1139] Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
8644| [CVE-2009-1138] The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
8645| [CVE-2009-1137] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227.
8646| [CVE-2009-1136] The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
8647| [CVE-2009-1135] Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."
8648| [CVE-2009-1134] Excel in 2007 Microsoft Office System SP1 and SP2
8649| [CVE-2009-1133] Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
8650| [CVE-2009-1132] Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability."
8651| [CVE-2009-1131] Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability."
8652| [CVE-2009-1130] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability."
8653| [CVE-2009-1129] Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128.
8654| [CVE-2009-1128] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129.
8655| [CVE-2009-1127] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
8656| [CVE-2009-1126] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."
8657| [CVE-2009-1125] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
8658| [CVE-2009-1124] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."
8659| [CVE-2009-1123] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
8660| [CVE-2009-1122] The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
8661| [CVE-2009-1043] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
8662| [CVE-2009-1011] Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
8663| [CVE-2009-0901] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1
8664| [CVE-2009-0568] The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
8665| [CVE-2009-0566] Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability."
8666| [CVE-2009-0565] Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2
8667| [CVE-2009-0563] Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
8668| [CVE-2009-0562] The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability."
8669| [CVE-2009-0561] Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
8670| [CVE-2009-0560] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
8671| [CVE-2009-0559] Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
8672| [CVE-2009-0558] Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
8673| [CVE-2009-0557] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
8674| [CVE-2009-0556] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
8675| [CVE-2009-0554] Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
8676| [CVE-2009-0553] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
8677| [CVE-2009-0552] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
8678| [CVE-2009-0551] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
8679| [CVE-2009-0550] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008
8680| [CVE-2009-0549] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
8681| [CVE-2009-0320] Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
8682| [CVE-2009-0239] Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
8683| [CVE-2009-0238] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
8684| [CVE-2009-0235] Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability."
8685| [CVE-2009-0234] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."
8686| [CVE-2009-0233] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."
8687| [CVE-2009-0232] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."
8688| [CVE-2009-0231] The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
8689| [CVE-2009-0230] The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
8690| [CVE-2009-0229] The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
8691| [CVE-2009-0228] Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
8692| [CVE-2009-0227] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.
8693| [CVE-2009-0226] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137.
8694| [CVE-2009-0225] Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability."
8695| [CVE-2009-0224] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
8696| [CVE-2009-0223] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
8697| [CVE-2009-0222] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
8698| [CVE-2009-0221] Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability."
8699| [CVE-2009-0220] Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an integer that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."
8700| [CVE-2009-0202] Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow.
8701| [CVE-2009-0102] Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
8702| [CVE-2009-0100] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
8703| [CVE-2009-0099] The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
8704| [CVE-2009-0098] Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."
8705| [CVE-2009-0097] Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."
8706| [CVE-2009-0096] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
| [CVE-2009-0095] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
| [CVE-2009-0094] The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
| [CVE-2009-0093] Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
| [CVE-2009-0091] Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
| [CVE-2009-0090] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
| [CVE-2009-0089] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
| [CVE-2009-0088] The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
| [CVE-2009-0087] Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2
| [CVE-2009-0086] Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
| [CVE-2009-0085] The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
| [CVE-2009-0083] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."
| [CVE-2009-0082] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."
| [CVE-2009-0081] The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."
| [CVE-2009-0079] The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."
| [CVE-2009-0078] The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."
| [CVE-2008-7217] Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories.
| [CVE-2008-6819] win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.
| [CVE-2008-6219] nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.
| [CVE-2008-6063] Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.
| [CVE-2008-5912] An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
| [CVE-2008-5823] An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property.
| [CVE-2008-5416] Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier
| [CVE-2008-5232] Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown
| [CVE-2008-5112] The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
| [CVE-2008-5100] The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
| [CVE-2008-5044] Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.
| [CVE-2008-4844] Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
| [CVE-2008-4841] The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
| [CVE-2008-4837] Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4835] SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
| [CVE-2008-4834] Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
| [CVE-2008-4493] Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
| [CVE-2008-4295] Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
| [CVE-2008-4269] The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."
| [CVE-2008-4268] The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."
| [CVE-2008-4266] Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3
| [CVE-2008-4265] Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."
| [CVE-2008-4264] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4261] Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
| [CVE-2008-4256] The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
| [CVE-2008-4255] Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
| [CVE-2008-4253] The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
| [CVE-2008-4250] The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
| [CVE-2008-4114] srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
| [CVE-2008-4110] Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
| [CVE-2008-4038] Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
| [CVE-2008-4037] Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
| [CVE-2008-4036] Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."
| [CVE-2008-4032] Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."
| [CVE-2008-4031] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4030] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4028] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4027] Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4026] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4025] Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4024] Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability."
| [CVE-2008-4023] Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
| [CVE-2008-4019] Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
| [CVE-2008-3956] orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.
| [CVE-2008-3704] Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
| [CVE-2008-3648] nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
| [CVE-2008-3636] Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
| [CVE-2008-3479] Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
| [CVE-2008-3477] Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
| [CVE-2008-3471] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
| [CVE-2008-3466] Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
| [CVE-2008-3465] Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."
| [CVE-2008-3464] afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
| [CVE-2008-3460] WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
| [CVE-2008-3068] Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
| [CVE-2008-3021] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
| [CVE-2008-3020] Microsoft Office 2000 SP3 and XP SP3
| [CVE-2008-3019] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
| [CVE-2008-3018] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
| [CVE-2008-3015] Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
| [CVE-2008-3014] Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
| [CVE-2008-3013] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
| [CVE-2008-3012] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
| [CVE-2008-3009] Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
| [CVE-2008-3007] Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."
| [CVE-2008-3006] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
| [CVE-2008-3005] Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
| [CVE-2008-3004] Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3
| [CVE-2008-3003] Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
| [CVE-2008-2752] Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.
| [CVE-2008-2540] Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
| [CVE-2008-2463] The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
| [CVE-2008-2252] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
| [CVE-2008-2251] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.
| [CVE-2008-2250] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."
| [CVE-2008-2249] Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
| [CVE-2008-2246] Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
| [CVE-2008-2245] Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
| [CVE-2008-2244] Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
| [CVE-2008-1898] A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
| [CVE-2008-1888] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
| [CVE-2008-1547] Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
| [CVE-2008-1457] The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
| [CVE-2008-1456] Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
| [CVE-2008-1455] A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1
| [CVE-2008-1454] Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
| [CVE-2008-1451] The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
| [CVE-2008-1446] Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
| [CVE-2008-1445] Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
| [CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
8811| [CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
8812| [CVE-2008-1441] Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
8813| [CVE-2008-1440] Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
8814| [CVE-2008-1436] Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
8815| [CVE-2008-1435] Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
8816| [CVE-2008-1434] Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
8817| [CVE-2008-1092] Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
8818| [CVE-2008-1091] Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
8819| [CVE-2008-1090] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
8820| [CVE-2008-1089] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
8821| [CVE-2008-1088] Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
8822| [CVE-2008-1087] Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
8823| [CVE-2008-1086] The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
8824| [CVE-2008-1084] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
8825| [CVE-2008-1083] Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
8826| [CVE-2008-0121] A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
8827| [CVE-2008-0120] Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."
8828| [CVE-2008-0119] Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
8829| [CVE-2008-0118] Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
8830| [CVE-2008-0117] Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
8831| [CVE-2008-0116] Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."
8832| [CVE-2008-0115] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
8833| [CVE-2008-0114] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
8834| [CVE-2008-0113] Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."
8835| [CVE-2008-0112] Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
8836| [CVE-2008-0111] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."
8837| [CVE-2008-0110] Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and SP3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
8838| [CVE-2008-0109] Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
8839| [CVE-2008-0108] Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
8840| [CVE-2008-0106] Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
8841| [CVE-2008-0105] Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
8842| [CVE-2008-0104] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
8843| [CVE-2008-0103] Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
8844| [CVE-2008-0102] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
8845| [CVE-2008-0088] Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
8846| [CVE-2008-0087] The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
8847| [CVE-2008-0086] Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
8848| [CVE-2008-0083] The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
8849| [CVE-2008-0081] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
8850| [CVE-2008-0080] Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
8851| [CVE-2008-0020] Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.
8852| [CVE-2008-0015] Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
8853| [CVE-2008-0011] Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
8854| [CVE-2007-6753] Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.
8855| [CVE-2007-6357] Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.
8856| [CVE-2007-6329] Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
8857| [CVE-2007-6043] The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
8858| [CVE-2007-6026] Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
8859| [CVE-2007-5587] Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
8860| [CVE-2007-5352] Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
8861| [CVE-2007-5348] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
8862| [CVE-2007-4991] The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.
8863| [CVE-2007-4916] Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
8864| [CVE-2007-4814] Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
8865| [CVE-2007-3930] Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
8866| [CVE-2007-3924] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape
8867| [CVE-2007-3899] Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."
8868| [CVE-2007-3898] The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
8869| [CVE-2007-3896] The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
8870| [CVE-2007-3890] Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
8871| [CVE-2007-3670] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
8872| [CVE-2007-3490] Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.
8873| [CVE-2007-3300] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.
8874| [CVE-2007-3040] Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.
8875| [CVE-2007-3039] Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
8876| [CVE-2007-3036] Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
8877| [CVE-2007-3034] Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
8878| [CVE-2007-3030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".
8879| [CVE-2007-3029] Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
8880| [CVE-2007-3028] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
8881| [CVE-2007-2999] Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
8882| [CVE-2007-2967] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
8883| [CVE-2007-2966] Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.
8884| [CVE-2007-2903] Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
8885| [CVE-2007-2593] The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
8886| [CVE-2007-2581] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.
8887| [CVE-2007-2374] Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
8888| [CVE-2007-2228] rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
8889| [CVE-2007-2224] Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.
8890| [CVE-2007-2221] Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
8891| [CVE-2007-2219] Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
8892| [CVE-2007-2218] Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
8893| [CVE-2007-2217] Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
8894| [CVE-2007-1911] Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.
8895| [CVE-2007-1910] Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.
8896| [CVE-2007-1765] Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038
8897| [CVE-2007-1756] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".
8898| [CVE-2007-1754] PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".
8899| [CVE-2007-1748] Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
8900| [CVE-2007-1747] Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.
8901| [CVE-2007-1645] Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
8902| [CVE-2007-1537] \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.
8903| [CVE-2007-1512] Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.
8904| [CVE-2007-1347] Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
8905| [CVE-2007-1239] Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.
8906| [CVE-2007-1238] Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.
8907| [CVE-2007-1215] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
8908| [CVE-2007-1214] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
8909| [CVE-2007-1213] The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
8910| [CVE-2007-1212] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
8911| [CVE-2007-1211] Unspecified kernel GDI functions in Microsoft Windows 2000 SP4
8912| [CVE-2007-1205] Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
8913| [CVE-2007-1203] Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
8914| [CVE-2007-1202] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."
8915| [CVE-2007-1201] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
8916| [CVE-2007-1117] Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
8917| [CVE-2007-1090] Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.
8918| [CVE-2007-1083] Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
8919| [CVE-2007-0948] Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
8920| [CVE-2007-0947] Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
8921| [CVE-2007-0946] Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
8922| [CVE-2007-0945] Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4
8923| [CVE-2007-0944] Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
8924| [CVE-2007-0942] Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
8925| [CVE-2007-0940] Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
8926| [CVE-2007-0939] Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
8927| [CVE-2007-0938] Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
8928| [CVE-2007-0936] Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
8929| [CVE-2007-0934] Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
8930| [CVE-2007-0913] Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
8931| [CVE-2007-0870] Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.
8932| [CVE-2007-0843] The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
8933| [CVE-2007-0811] Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
8934| [CVE-2007-0671] Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
8935| [CVE-2007-0612] Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allow remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll
8936| [CVE-2007-0515] Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.
8937| [CVE-2007-0351] Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.
8938| [CVE-2007-0221] Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."
8939| [CVE-2007-0220] Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
8940| [CVE-2007-0216] wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
8941| [CVE-2007-0215] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.
8942| [CVE-2007-0214] The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
8943| [CVE-2007-0213] Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
8944| [CVE-2007-0211] The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
8945| [CVE-2007-0209] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.
8946| [CVE-2007-0208] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.
8947| [CVE-2007-0069] Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
8948| [CVE-2007-0066] The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
8949| [CVE-2007-0065] Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
8950| [CVE-2007-0064] Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
8951| [CVE-2007-0043] The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
8952| [CVE-2007-0042] Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
8953| [CVE-2007-0041] The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
8954| [CVE-2007-0040] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
8955| [CVE-2007-0039] The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
8956| [CVE-2007-0038] Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765
8957| [CVE-2007-0035] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
8958| [CVE-2007-0034] Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."
8959| [CVE-2007-0033] Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
8960| [CVE-2007-0031] Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.
8961| [CVE-2007-0030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.
8962| [CVE-2007-0029] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."
8963| [CVE-2007-0028] Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.
8964| [CVE-2007-0027] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
8965| [CVE-2007-0026] The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
8966| [CVE-2007-0025] The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
8967| [CVE-2007-0024] Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
8968| [CVE-2006-7210] Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
8969| [CVE-2006-7192] Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
8970| [CVE-2006-7027] Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.
8971| [CVE-2006-6723] The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.
8972| [CVE-2006-6696] Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
8973| [CVE-2006-6617] projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
8974| [CVE-2006-6561] Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.
8975| [CVE-2006-6456] Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.
8976| [CVE-2006-6296] The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
8977| [CVE-2006-6134] Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
8978| [CVE-2006-6133] Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
8979| [CVE-2006-5994] Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.
8980| [CVE-2006-5758] The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
8981| [CVE-2006-5586] The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
8982| [CVE-2006-5585] The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
8983| [CVE-2006-5584] The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
8984| [CVE-2006-5583] Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
8985| [CVE-2006-5574] Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.
8986| [CVE-2006-5296] PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.
8987| [CVE-2006-4854] ** REJECT ** Unspecified vulnerability in Microsoft Office 2000 (Chinese Edition) and Microsoft PowerPoint 2000 (Chinese Edition) allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as Trojan.PPDropper.E. NOTE: on 20060919, Microsoft notified CVE that this is a duplicate of CVE-2006-0009.
8988| [CVE-2006-4704] Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
8989| [CVE-2006-4702] Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
8990| [CVE-2006-4696] Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
8991| [CVE-2006-4695] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
8992| [CVE-2006-4694] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
8993| [CVE-2006-4693] Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.
8994| [CVE-2006-4692] Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
8995| [CVE-2006-4691] Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
8996| [CVE-2006-4689] Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
8997| [CVE-2006-4688] Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
8998| [CVE-2006-4534] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.
8999| [CVE-2006-4495] Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
9000| [CVE-2006-4274] ** REJECT ** Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as TROJ_MDROPPER.BH. NOTE: on 20060822, it was determined that TROJ_MDROPPER.BH was exploiting CVE-2006-0009, so this is not a new vulnerability.
9001| [CVE-2006-4219] The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
9002| [CVE-2006-4183] Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.
9003| [CVE-2006-4071] Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
9004| [CVE-2006-3992] Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption.
9005| [CVE-2006-3942] The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research
9006| [CVE-2006-3897] Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
9007| [CVE-2006-3880] ** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."
9008| [CVE-2006-3877] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
9009| [CVE-2006-3876] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
9010| [CVE-2006-3875] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867.
9011| [CVE-2006-3873] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
9012| [CVE-2006-3869] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
9013| [CVE-2006-3868] Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.
9014| [CVE-2006-3867] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875.
9015| [CVE-2006-3864] Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
9016| [CVE-2006-3841] Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.
9017| [CVE-2006-3660] Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different.
9018| [CVE-2006-3656] Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
9019| [CVE-2006-3655] Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
9020| [CVE-2006-3652] Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties.
9021| [CVE-2006-3651] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.
9022| [CVE-2006-3650] Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.
9023| [CVE-2006-3649] Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
9024| [CVE-2006-3648] Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."
9025| [CVE-2006-3647] Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.
9026| [CVE-2006-3643] Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
9027| [CVE-2006-3590] mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.
9028| [CVE-2006-3510] The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
9029| [CVE-2006-3493] Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
9030| [CVE-2006-3449] Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
9031| [CVE-2006-3448] Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.
9032| [CVE-2006-3445] Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.
9033| [CVE-2006-3444] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
9034| [CVE-2006-3443] Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
9035| [CVE-2006-3441] Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
9036| [CVE-2006-3440] Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
9037| [CVE-2006-3439] Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
9038| [CVE-2006-3436] Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
9039| [CVE-2006-3435] PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
9040| [CVE-2006-3434] Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.
9041| [CVE-2006-3431] Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.
9042| [CVE-2006-3059] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
9043| [CVE-2006-2492] Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
9044| [CVE-2006-2389] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.
9045| [CVE-2006-2388] Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.
9046| [CVE-2006-2387] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875.
9047| [CVE-2006-2380] Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
9048| [CVE-2006-2379] Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
9049| [CVE-2006-2378] Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
9050| [CVE-2006-2374] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
9051| [CVE-2006-2373] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
9052| [CVE-2006-2372] Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
9053| [CVE-2006-2371] Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
9054| [CVE-2006-2370] Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
9055| [CVE-2006-2334] The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
9056| [CVE-2006-2094] Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
9057| [CVE-2006-2055] Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
9058| [CVE-2006-1654] Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
9059| [CVE-2006-1651] ** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol."
9060| [CVE-2006-1540] MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll
9061| [CVE-2006-1316] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389.
9062| [CVE-2006-1315] The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
9063| [CVE-2006-1314] Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.
9064| [CVE-2006-1313] Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
9065| [CVE-2006-1311] The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1
9066| [CVE-2006-1309] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.
9067| [CVE-2006-1308] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.
9068| [CVE-2006-1306] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."
9069| [CVE-2006-1305] Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.
9070| [CVE-2006-1304] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
9071| [CVE-2006-1302] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."
9072| [CVE-2006-1301] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.
9073| [CVE-2006-1300] Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
9074| [CVE-2006-1257] The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.
9075| [CVE-2006-1193] Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
9076| [CVE-2006-1184] Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
9077| [CVE-2006-0988] The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
9078| [CVE-2006-0935] Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.
9079| [CVE-2006-0187] By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.
9080| [CVE-2006-0034] Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.
9081| [CVE-2006-0033] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.
9082| [CVE-2006-0032] Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
9083| [CVE-2006-0031] Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.
9084| [CVE-2006-0030] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.
9085| [CVE-2006-0029] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
9086| [CVE-2006-0028] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.
9087| [CVE-2006-0023] Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.
9088| [CVE-2006-0022] Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
9089| [CVE-2006-0021] Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
9090| [CVE-2006-0020] An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
9091| [CVE-2006-0015] Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
9092| [CVE-2006-0013] Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
9093| [CVE-2006-0012] Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
9094| [CVE-2006-0010] Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
9095| [CVE-2006-0009] Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
9096| [CVE-2006-0008] The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.
9097| [CVE-2006-0007] Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.
9098| [CVE-2006-0006] Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
9099| [CVE-2006-0004] Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
9100| [CVE-2006-0002] Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
9101| [CVE-2006-0001] Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
9102| [CVE-2005-4717] Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
9103| [CVE-2005-4269] mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
9104| [CVE-2005-4131] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.
9105| [CVE-2005-3981] ** DISPUTED ** NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.
9106| [CVE-2005-3945] The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.
9107| [CVE-2005-3644] PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
9108| [CVE-2005-3177] CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed.
9109| [CVE-2005-3176] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.
9110| [CVE-2005-3175] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.
9111| [CVE-2005-3174] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
9112| [CVE-2005-3173] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
9113| [CVE-2005-3172] The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks.
9114| [CVE-2005-3171] Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings.
9115| [CVE-2005-3170] The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.
9116| [CVE-2005-3169] Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection.
9117| [CVE-2005-3168] The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template.
9118| [CVE-2005-2122] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.
9119| [CVE-2005-2120] Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
9120| [CVE-2005-2118] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
9121| [CVE-2005-2117] Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
9122| [CVE-2005-1985] The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
9123| [CVE-2005-1984] Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.
9124| [CVE-2005-1983] Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
9125| [CVE-2005-1982] Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
9126| [CVE-2005-1981] Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
9127| [CVE-2005-1907] The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic.
9128| [CVE-2005-1683] Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.
9129| [CVE-2005-1218] The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
9130| [CVE-2005-1216] Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.
9131| [CVE-2005-1215] Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.
9132| [CVE-2005-1208] Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
9133| [CVE-2005-1207] Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.
9134| [CVE-2005-1206] Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
9135| [CVE-2005-1205] The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
9136| [CVE-2005-1052] Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.
9137| [CVE-2005-0921] Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy.
9138| [CVE-2005-0820] Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
9139| [CVE-2005-0738] Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.
9140| [CVE-2005-0564] Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
9141| [CVE-2005-0558] Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.
9142| [CVE-2005-0551] Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
9143| [CVE-2005-0550] Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
9144| [CVE-2005-0545] Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.
9145| [CVE-2005-0063] The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
9146| [CVE-2005-0061] The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
9147| [CVE-2005-0060] Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.
9148| [CVE-2005-0059] Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
9149| [CVE-2005-0058] Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a crafted message.
9150| [CVE-2005-0048] Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
9151| [CVE-2004-2527] The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
9152| [CVE-2004-2482] Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.
9153| [CVE-2004-2365] Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.
9154| [CVE-2004-2339] ** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed.
9155| [CVE-2004-1080] The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
9156| [CVE-2004-0963] Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.
9157| [CVE-2004-0897] The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
9158| [CVE-2004-0892] Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
9159| [CVE-2004-0846] Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
9160| [CVE-2004-0840] The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
9161| [CVE-2004-0728] The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
9162| [CVE-2004-0726] The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.
9163| [CVE-2004-0575] Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
9164| [CVE-2004-0574] The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
9165| [CVE-2004-0573] Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
9166| [CVE-2004-0540] Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
9167| [CVE-2004-0503] Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502.
9168| [CVE-2004-0379] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts.
9169| [CVE-2004-0284] Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
9170| [CVE-2004-0214] Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, Windows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
9171| [CVE-2004-0211] The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
9172| [CVE-2004-0210] The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
9173| [CVE-2004-0209] Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
9174| [CVE-2004-0208] The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
9175| [CVE-2004-0207] "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWindowLongPtr API functions.
9176| [CVE-2004-0206] Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
9177| [CVE-2004-0204] Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
9178| [CVE-2004-0202] IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
9179| [CVE-2004-0201] Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
9180| [CVE-2004-0199] Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
9181| [CVE-2004-0124] The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
9182| [CVE-2004-0121] Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
9183| [CVE-2004-0120] The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
9184| [CVE-2004-0116] An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
9185| [CVE-2003-1378] Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
9186| [CVE-2003-1106] The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.
9187| [CVE-2003-0908] The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
9188| [CVE-2003-0906] Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
9189| [CVE-2003-0904] Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
9190| [CVE-2003-0839] Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
9191| [CVE-2003-0825] The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
9192| [CVE-2003-0824] Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
9193| [CVE-2003-0822] Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
9194| [CVE-2003-0821] Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
9195| [CVE-2003-0820] Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
9196| [CVE-2003-0819] Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
9197| [CVE-2003-0818] Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
9198| [CVE-2003-0807] Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
9199| [CVE-2003-0806] Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
9200| [CVE-2003-0719] Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
9201| [CVE-2003-0665] Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
9202| [CVE-2003-0664] Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
9203| [CVE-2003-0662] Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
9204| [CVE-2003-0660] The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval.
9205| [CVE-2003-0533] Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
9206| [CVE-2003-0526] Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
9207| [CVE-2003-0506] Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation.
9208| [CVE-2003-0505] Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.
9209| [CVE-2003-0496] Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
9210| [CVE-2003-0352] Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
9211| [CVE-2003-0345] Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
9212| [CVE-2003-0232] Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
9213| [CVE-2003-0231] Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
9214| [CVE-2003-0230] Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
9215| [CVE-2003-0227] The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
9216| [CVE-2003-0118] SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
9217| [CVE-2003-0117] Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.
9218| [CVE-2003-0110] The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
9219| [CVE-2003-0109] Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
9220| [CVE-2003-0011] Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
9221| [CVE-2003-0007] Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."
9222| [CVE-2003-0003] Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
9223| [CVE-2003-0002] Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
9224| [CVE-2002-2101] Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
9225| [CVE-2002-2100] Microsoft Outlook 2002 allows remote attackers to bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
9226| [CVE-2002-1984] Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
9227| [CVE-2002-1981] Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
9228| [CVE-2002-1933] The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window.
9229| [CVE-2002-1932] Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
9230| [CVE-2002-1876] Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
9231| [CVE-2002-1873] Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
9232| [CVE-2002-1872] Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
9233| [CVE-2002-1776] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed.
9234| [CVE-2002-1712] Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
9235| [CVE-2002-1256] The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
9236| [CVE-2002-1255] Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."
9237| [CVE-2002-1214] Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
9238| [CVE-2002-1184] The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
9239| [CVE-2002-1145] The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
9240| [CVE-2002-1141] An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
9241| [CVE-2002-1140] The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
9242| [CVE-2002-1138] Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
9243| [CVE-2002-1137] Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
9244| [CVE-2002-1123] Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
9245| [CVE-2002-1117] Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
9246| [CVE-2002-1056] Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
9247| [CVE-2002-0982] Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.
9248| [CVE-2002-0975] Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary code via a long File parameter.
9249| [CVE-2002-0863] Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
9250| [CVE-2002-0861] Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.
9251| [CVE-2002-0860] The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
9252| [CVE-2002-0859] Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
9253| [CVE-2002-0729] Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
9254| [CVE-2002-0727] The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
9255| [CVE-2002-0724] Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
9256| [CVE-2002-0721] Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
9257| [CVE-2002-0719] SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.
9258| [CVE-2002-0718] Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."
9259| [CVE-2002-0700] Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
9260| [CVE-2002-0699] Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.
9261| [CVE-2002-0695] Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
9262| [CVE-2002-0694] The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
9263| [CVE-2002-0693] Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
9264| [CVE-2002-0692] Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
9265| [CVE-2002-0650] The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.
9266| [CVE-2002-0649] Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
9267| [CVE-2002-0645] SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.
9268| [CVE-2002-0644] Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
9269| [CVE-2002-0643] The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."
9270| [CVE-2002-0642] The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
9271| [CVE-2002-0641] Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
9272| [CVE-2002-0624] Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
9273| [CVE-2002-0623] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".
9274| [CVE-2002-0622] The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
9275| [CVE-2002-0621] Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.
9276| [CVE-2002-0620] Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API.
9277| [CVE-2002-0619] The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
9278| [CVE-2002-0618] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
9279| [CVE-2002-0617] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
9280| [CVE-2002-0616] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
9281| [CVE-2002-0597] LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.
9282| [CVE-2002-0444] Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
9283| [CVE-2002-0443] Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
9284| [CVE-2002-0373] The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
9285| [CVE-2002-0371] Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
9286| [CVE-2002-0368] The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."
9287| [CVE-2002-0224] The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
9288| [CVE-2002-0187] Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
9289| [CVE-2002-0186] Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
9290| [CVE-2002-0154] Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
9291| [CVE-2002-0152] Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
9292| [CVE-2002-0055] SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
9293| [CVE-2002-0054] SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
9294| [CVE-2002-0050] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.
9295| [CVE-2002-0049] Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
9296| [CVE-2002-0034] The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
9297| [CVE-2002-0018] In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from the trusted domain.
9298| [CVE-2001-1533] ** DISPUTED ** Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE.
9299| [CVE-2001-1451] Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests.
9300| [CVE-2001-1319] Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
9301| [CVE-2001-1099] The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
9302| [CVE-2001-0986] SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
9303| [CVE-2001-0718] Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.
9304| [CVE-2001-0666] Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
9305| [CVE-2001-0658] Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.
9306| [CVE-2001-0628] Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
9307| [CVE-2001-0547] Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
9308| [CVE-2001-0546] Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.
9309| [CVE-2001-0542] Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
9310| [CVE-2001-0538] Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
9311| [CVE-2001-0509] Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
9312| [CVE-2001-0505] Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.
9313| [CVE-2001-0504] Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.
9314| [CVE-2001-0501] Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.
| [CVE-2001-0351] Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
| [CVE-2001-0350] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
| [CVE-2001-0349] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
| [CVE-2001-0348] Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
| [CVE-2001-0347] Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
| [CVE-2001-0346] Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
| [CVE-2001-0345] Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
| [CVE-2001-0344] An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
| [CVE-2001-0340] An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
| [CVE-2001-0261] Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
| [CVE-2001-0245] Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
| [CVE-2001-0244] Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.
| [CVE-2001-0240] Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.
| [CVE-2001-0239] Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
| [CVE-2001-0237] Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
| [CVE-2001-0146] IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
| [CVE-2001-0048] The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability.
| [CVE-2001-0005] Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
| [CVE-2001-0003] Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
| [CVE-2000-1218] The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
| [CVE-2000-1217] Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability.
| [CVE-2000-1209] The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
| [CVE-2000-1139] The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
| [CVE-2000-1088] The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
| [CVE-2000-1087] The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
| [CVE-2000-1086] The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
| [CVE-2000-1085] The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
| [CVE-2000-1079] Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
| [CVE-2000-0942] The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
| [CVE-2000-0854] When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
| [CVE-2000-0771] Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
| [CVE-2000-0765] Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
| [CVE-2000-0756] Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
| [CVE-2000-0710] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
| [CVE-2000-0709] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
| [CVE-2000-0637] Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.
| [CVE-2000-0621] Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
| [CVE-2000-0597] Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
| [CVE-2000-0331] Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
| [CVE-2000-0277] Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.
| [CVE-2013-2557] The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
| [CVE-2013-2556] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
| [CVE-2013-2554] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787.
| [CVE-2013-2553] Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912.
| [CVE-2013-2552] Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
| [CVE-2013-2551] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
| [CVE-2013-1347] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
| [CVE-2013-1305] HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
| [CVE-2013-1290] Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
| [CVE-2013-1289] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
| [CVE-2013-1284] Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
| [CVE-2013-0096] Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."
| [CVE-2013-0086] Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
| [CVE-2013-0085] Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
| [CVE-2013-0084] Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."
| [CVE-2013-0083] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."
| [CVE-2013-0080] Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."
| [CVE-2013-0079] Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
| [CVE-2013-0005] The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
| [CVE-2012-4969] Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
| [CVE-2012-4792] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
| [CVE-2012-3456] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
| [CVE-2012-3455] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
| [CVE-2012-2290] The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel.
| [CVE-2012-2284] The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors.
| [CVE-2012-1945] Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.
| [CVE-2012-1894] Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability."
| [CVE-2012-1892] Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
| [CVE-2012-1891] Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
| [CVE-2012-1888] Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."
| [CVE-2012-1876] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
| [CVE-2012-1861] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
| [CVE-2012-1859] Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
| [CVE-2012-1857] Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."
| [CVE-2012-1849] Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."
| [CVE-2012-1545] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
| [CVE-2012-1436] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
| [CVE-2012-1435] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
| [CVE-2012-1434] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
| [CVE-2012-1433] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
| [CVE-2012-0447] Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.
| [CVE-2012-0147] Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."
| [CVE-2012-0146] Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."
| [CVE-2012-0145] Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
| [CVE-2012-0144] Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
| [CVE-2012-0138] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.
| [CVE-2012-0137] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138.
| [CVE-2012-0136] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138.
| [CVE-2012-0020] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
| [CVE-2012-0019] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
| [CVE-2012-0018] Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."
| [CVE-2012-0017] Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
| [CVE-2011-4695] Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
| [CVE-2011-2012] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."
| [CVE-2011-2010] The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."
| [CVE-2011-1969] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."
| [CVE-2011-1897] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."
| [CVE-2011-1896] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."
| [CVE-2011-1895] CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
| [CVE-2011-1891] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
| [CVE-2011-1890] Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
| [CVE-2011-1889] The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
| [CVE-2011-1417] Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
| [CVE-2011-1347] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
| [CVE-2011-1346] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
| [CVE-2011-1345] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
| [CVE-2011-1265] The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."
| [CVE-2011-0653] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
| [CVE-2011-0647] The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.
| [CVE-2011-0627] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
| [CVE-2011-0037] Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
| [CVE-2011-0027] Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
| [CVE-2011-0026] Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
| [CVE-2010-4643] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
| [CVE-2010-4253] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.
| [CVE-2010-4121] ** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only."
| [CVE-2010-3967] Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."
9432| [CVE-2010-3962] Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
9433| [CVE-2010-3936] Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."
9434| [CVE-2010-3889] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers.
9435| [CVE-2010-3888] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.
9436| [CVE-2010-3497] Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."
9437| [CVE-2010-3454] Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
9438| [CVE-2010-3453] The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
9439| [CVE-2010-3141] Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.
9440| [CVE-2010-2743] The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
9441| [CVE-2010-2734] Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability."
9442| [CVE-2010-2733] Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."
9443| [CVE-2010-2732] Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."
9444| [CVE-2010-2564] Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
9445| [CVE-2010-1184] The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2.
9446| [CVE-2010-1118] Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
9447| [CVE-2010-1117] Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
9448| [CVE-2010-0806] Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
9449| [CVE-2010-0716] _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
9450| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
9451| [CVE-2008-5750] Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
9452| [CVE-2008-5556] ** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
9453| [CVE-2008-5555] Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
9454| [CVE-2008-5554] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
9455| [CVE-2008-5553] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
9456| [CVE-2008-5552] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
9457| [CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
9458| [CVE-2008-5180] Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
9459| [CVE-2008-4211] Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
9460| [CVE-2007-5351] Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
9461| [CVE-2007-2729] Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
9462| [CVE-2007-1534] DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.
9463| [CVE-2007-0341] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
9464| [CVE-2006-5559] The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
9465| [CVE-2006-4686] Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
9466| [CVE-2006-4685] The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
9467| [CVE-2006-1359] Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
9468| [CVE-2006-0761] Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchangem, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device.
9469| [CVE-2006-0753] Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
9470| [CVE-2006-0544] urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash of hyphen) characters.
9471| [CVE-2006-0003] Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
9472| [CVE-2005-1929] Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.
9473| [CVE-2005-0852] Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.
9474| [CVE-2004-1322] Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages.
9475| [CVE-2003-1306] Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
9476| [CVE-2003-0903] Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
9477| [CVE-2003-0353] Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
9478| [CVE-2002-1918] Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
9479| [CVE-2002-1142] Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
9480| [CVE-2002-1015] RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
9481| [CVE-2002-0697] Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
9482| [CVE-2002-0057] XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
9483| [CVE-2001-1218] Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
9484| [CVE-2000-0563] The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
9485| [CVE-1999-1097] Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
9486|
9487| SecurityFocus - https://www.securityfocus.com/bid/:
9488| [83154] Microsoft Windows 2000 Server CVE-2004-0540 Remote Security Vulnerability
9489| [45297] Microsoft Exchange Server 2007 Infinite Loop Remote Denial of Service Vulnerability
9490| [43419] Microsoft Excel 2002 Memory Corruption Vulnerability
9491| [43189] Microsoft Visual C++ 2008 Redistributable Package DLL Loading Arbitrary Code Execution Vulnerability
9492| [42742] Microsoft PowerPoint 2007 Multiple DLL Loading Arbitrary Code Execution Vulnerability
9493| [42695] Microsoft Groove 2007 'mso.dll' DLL Loading Arbitrary Code Execution Vulnerability
9494| [42681] Microsoft Visio 2003 'mfc71enu.dll' DLL Loading Arbitrary Code Execution Vulnerability
9495| [41843] Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability
9496| [39776] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
9497| [37196] RETIRED: Microsoft December 2009 Advance Notification Multiple Vulnerabilities
9498| [36940] RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
9499| [36633] RETIRED: Microsoft October 2009 Advance Notification Multiple Vulnerabilities
9500| [36239] RETIRED: Microsoft September 2009 Advance Notification Multiple Vulnerabilities
9501| [35974] RETIRED: Microsoft August 2009 Advance Notification Multiple Vulnerabilities
9502| [35617] RETIRED: Microsoft July 2009 Advance Notification Multiple Vulnerabilities
9503| [35213] RETIRED: Microsoft June 2009 Advance Notification Multiple Vulnerabilities
9504| [34867] RETIRED: Microsoft May 2009 Advance Notification Multiple Vulnerabilities
9505| [34532] Microsoft IAG 2007 ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities
9506| [34469] Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
9507| [34450] RETIRED: Microsoft April 2009 Advance Notification Multiple Vulnerabilities
9508| [34005] RETIRED: Microsoft March 2009 Advance Notification Multiple Vulnerabilities
9509| [33639] RETIRED: Microsoft February 2009 Advance Notification Multiple Vulnerabilities
9510| [33170] RETIRED: Microsoft January 2009 Advance Notification Multiple Vulnerabilities
9511| [32632] RETIRED: Microsoft December 2008 Advance Notification Multiple Vulnerabilities
9512| [32153] Retired: Microsoft November 2008 Advance Notification Multiple Vulnerabilities
9513| [31667] Retired: Microsoft October 2008 Advance Notification Multiple Vulnerabilities
9514| [31129] RETIRED: Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
9515| [31014] RETIRED: Microsoft September 2008 Advance Notification Multiple Vulnerabilities
9516| [30593] RETIRED: Microsoft August 2008 Advance Notification Multiple Vulnerabilities
9517| [30075] RETIRED: Microsoft July 2008 Advance Notification Multiple Vulnerabilities
9518| [29576] RETIRED: Microsoft June 2008 Advance Notification Multiple Vulnerabilities
9519| [29108] RETIRED: Microsoft May 2008 Advance Notification Multiple Vulnerabilities
9520| [28598] RETIRED: Microsoft April 2008 Advance Notification Multiple Vulnerabilities
9521| [28124] Retired: Microsoft March 2008 Advance Notification Multiple Vulnerabilities
9522| [27674] RETIRED: Microsoft February 2008 Advance Notification Multiple Vulnerabilities
9523| [27119] RETIRED: Microsoft January 2008 Advance Notification Multiple Vulnerabilities
9524| [26739] RETIRED: Microsoft December 2007 Advance Notification Multiple Vulnerabilities
9525| [26414] Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerabilities
9526| [26380] Retired: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
9527| [25991] RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
9528| [25922] RETIRED: Microsoft October 2007 Advance Notification Multiple Vulnerabilities
9529| [25573] RETIRED: Microsoft September 2007 Advance Notification Multiple Vulnerabilities
9530| [25247] Retired: Microsoft August 2007 Advance Notification Multiple Vulnerabilities
9531| [24771] Retired: Microsoft July 2007 Advance Notification Multiple Vulnerabilities
9532| [24366] RETIRED: Microsoft June 2007 Advance Notification Multiple Vulnerabilities
9533| [24118] Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
9534| [23800] RETIRED: Microsoft May 2007 Advance Notification Multiple Vulnerabilities
9535| [23380] Microsoft Word 2007 WWLib.DLL Unspecified Document File Buffer Overflow Vulnerability
9536| [23335] RETIRED: Microsoft April 2007 Advance Notification Multiple Vulnerabilities
9537| [22716] Microsoft Office 2003 Denial of Service Vulnerability
9538| [22567] Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability
9539| [22328] RETIRED: Microsoft Word 2003 Unspecified Code Execution Vulnerability
9540| [22225] Microsoft Word 2000 Malformed Function Code Execution Vulnerability
9541| [21611] Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
9542| [21495] Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability
9543| [20843] Microsoft Visual Studio 2005 WMI Object Broker Remote Code Execution Vulnerability
9544| [19636] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
9545| [19388] Microsoft Windows 2000 Kernel Local Privilege Escalation Vulnerability
9546| [17134] Microsoft Commerce Server 2002 Authentication Bypass Vulnerability
9547| [16634] Microsoft PowerPoint 2000 Remote Information Disclosure Vulnerability
9548| [14772] Microsoft Exchange Server 2003 Exchange Information Store Denial Of Service Vulnerability
9549| [14093] Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
9550| [13564] Microsoft SQL Server 2000 Multiple Vulnerabilities
9551| [13008] Microsoft Windows Server 2003 SMB Redirector Local Denial Of Service Vulnerability
9552| [12972] Microsoft Windows Server 2003 Service Pack 1 Released - Multiple Vulnerabilities Fixed
9553| [12913] Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy Bypass Vulnerability
9554| [12824] Microsoft InfoPath 2003 Insecure Information Storage Vulnerability
9555| [12641] Microsoft Windows 2000 Group Policy Bypass Vulnerability
9556| [12141] Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
9557| [11820] Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities
9558| [11446] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
9559| [11387] Microsoft Windows 2003 Services Default SACL Access Right Weakness
9560| [10901] Microsoft Windows 2000/XP CRL File Failed Integrity Check Denial Of Service Vulnerability
9561| [10693] Microsoft Windows 2000 Media Player Control Media Preview Script Execution Vulnerability
9562| [10484] Microsoft ISA Server 2000 FTP Bounce Filtering Vulnerability
9563| [10480] Microsoft ISA Server 2000 Site And Content Rule Bypass Vulnerability
9564| [10440] Microsoft Windows 2000 Domain Expired Account Security Policy Violation Weakness
9565| [10369] Microsoft Outlook 2003 Media File Script Execution Vulnerability
9566| [10307] Microsoft Outlook 2003 Predictable File Location Weakness
9567| [10114] Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
9568| [9409] Microsoft Exchange Server 2003 Outlook Web Access Random Mailbox Access Vulnerability
9569| [9408] Microsoft ISA Server 2000 H.323 Filter Remote Buffer Overflow Vulnerability
9570| [9118] Microsoft Exchange Server 2003 Outlook Web Access Lowered Security Settings Weakness
9571| [8833] Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer Overflow Vulnerability
9572| [8522] Multiple Microsoft Windows 2003 Stack Protection Implementation Weaknesses
9573| [8397] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
9574| [8104] Microsoft Windows 2000 Unauthorized RPC Connection Weakness
9575| [8098] Microsoft Windows 2000 Terminal Services Named Pipe System Account Access Vulnerability
9576| [8093] Microsoft Windows 2000 Active Directory Forest Origin Validation Vulnerability
9577| [8090] Microsoft Windows 2000 ShellExecute() Buffer Overflow Vulnerability
9578| [8089] Microsoft Windows 2000 Unspecified Cryptnet.DLL Memory Leakage Vulnerability
9579| [8086] Microsoft Windows 2000 Port Name Buffers Potential Buffer Overflow Vulnerability
9580| [8085] Microsoft Windows 2000 ModifyDN Request Denial of Service Vulnerability
9581| [8083] Microsoft Windows 2000 Domain Controller Spoofing Vulnerability
9582| [8081] Microsoft Windows 2000 USBH_IoctlGetNodeConnectionDriverKeyName Information Disclosure Vulnerability
9583| [8063] Microsoft Commerce Server 2002 Weak Registry Key Permissions Weakness
9584| [8045] Microsoft Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
9585| [7930] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
| [7788] Microsoft Windows 2000/XP/2003 IPV6 ICMP Flood Denial Of Service Vulnerability
| [7469] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
| [7360] Microsoft Windows 2000/XP Registry Editor Custom Permissions Weakness
| [7102] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
| [6769] Microsoft Windows 2000 RPC Service Privilege Escalation Vulnerability
| [6766] Microsoft Windows 2000 NetBIOS Continuation Packets Kernel Memory Leak Vulnerability
| [6667] Microsoft Outlook 2002 V1 Exchange Server Security Certificate Information Leakage Vulnerability
| [6319] Microsoft Outlook 2002 Email Header Processing Denial of Service Vulnerability
| [6030] Microsoft Windows 2000 SNMP Printer Query Denial of Service Vulnerability
| [5972] Microsoft Windows 2000/XP Full Event Log Administrative Alert Weakness
| [5922] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
| [5480] Microsoft Windows 2000 Network Connection Manager Privilege Elevation Vulnerability
| [5422] Microsoft Content Management Server 2001 SQL Injection Vulnerability
| [5421] Microsoft Content Management Server 2001 Arbitrary Upload Location Vulnerability
| [5420] Microsoft Content Management Server 2001 User Authentication Buffer Overflow Vulnerability
| [5415] Microsoft Windows 2000 Insecure Default File Permissions Vulnerability
| [5413] Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability
| [5412] Microsoft Exchange 2000 Multiple MSRPC Denial Of Service Vulnerabilities
| [5312] Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
| [5311] Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
| [5310] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
| [5309] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
| [5307] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
| [5253] Microsoft Windows 2000 Narrator Password Disclosure Vulnerability
| [5205] Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
| [5111] Microsoft Commerce Server 2000 OWC Package Installer Local Command Execution Vulnerability
| [5014] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
| [4881] Microsoft Exchange 2000 Malformed Mail Attribute DoS Vulnerability
| [4853] Microsoft Commerce Server 2000 Profile Service Buffer Overflow Vulnerability
| [4852] Microsoft Windows 2000 Remote Access Service Buffer Overflow Vulnerability
| [4847] Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
| [4797] Microsoft MSDE/SQL Server 2000 Desktop Engine Default Configuration Vulnerability
| [4683] Microsoft Windows 2000 / NT Path Precedence Vulnerability
| [4532] Microsoft Windows 2000 Lanman Denial of Service Vulnerability
| [4438] Microsoft Windows 2000 Group Policy Evasion Vulnerability
| [4426] Microsoft Windows 2000 / NT / XP MUP UNC Request Buffer Overflow Vulnerability
| [4287] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
| [4256] Microsoft Windows 2000 Password Policy Bypass Vulnerability
| [4157] Microsoft Commerce Server 2000 ISAPI Buffer Overflow Vulnerability
| [4095] Microsoft Windows 2000 Server Terminal Services Failure To Lock Terminal Vulnerability
| [3652] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability
| [3481] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
| [3479] Microsoft Windows 2000 NTFS With Macintosh Client Directory Permission Vulnerability
| [3445] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
| [3339] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
| [3305] Norton AntiVirus for Microsoft Exchange 2000 Information Disclosure Vulnerability
| [3291] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
| [3215] Microsoft Windows 2000 IrDA Buffer Overflow Denial of Service Vulnerability
| [3185] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
| [3184] Microsoft Windows 2000 RunAs User Credentials Exposure Vulnerability
| [3146] Microsoft Windows 2000 System File Replacement Vulnerability
| [3115] Microsoft Windows NT and 2000 Command Prompt Reboot Vulnerability
| [3063] Microsoft Windows 2000 Unauthorized Password Change Vulnerability
| [3033] Microsoft Windows 2000 Task Manager Process Termination Vulnerability
| [2988] Microsoft Windows 2000 SMTP Improper Authentication Vulnerability
| [2929] Microsoft Windows 2000 LDAP SSL Password Modification Vulnerability
| [2849] Microsoft Windows 2000 Telnet Privilege Escalation Vulnerability
| [2846] Microsoft Windows 2000 Telnet System Call DoS Vulnerability
| [2844] Microsoft Windows 2000 Telnet Service DoS Vulnerability
| [2843] Microsoft Windows 2000 Telnet Multiple Sessions DoS Vulnerability
| [2838] Microsoft Windows 2000 Telnet Username DoS Vulnerability
| [2460] Microsoft Windows 2000 Event Viewer Buffer Overflow Vulnerability
| [2441] Microsoft Exchange 2000 / IIS 5.0 Multiple Invalid URL Request DoS Vulnerability
| [2394] Microsoft Windows 2000 Domain Controller DoS Vulnerability
| [2341] Microsoft Windows 2000 Network DDE Escalated Privileges Vulnerability
| [2326] Microsoft Windows 2000 RDP DoS Vulnerability
| [2133] Microsoft Windows 2000 Directory Services Restore Mode Blank Password Vulnerability
| [2066] Microsoft Windows NT 4.0 / 2000 SNMP Registry Key Modification Vulnerability
| [2018] Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability
| [2007] Microsoft Windows 2000 DNS Memory Leak Vulnerability
| [1973] Microsoft Windows 2000 Domain Account Lockout Bypass Vulnerability
| [1958] Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
| [1933] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
| [1899] Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability
| [1811] Microsoft Site Server 2.0 with IIS 4.0 Malicious File Upload Vulnerability
| [1758] Microsoft Windows 2000 Unattended Install OEMPreinstall Vulnerability
| [1753] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
| [1748] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
| [1745] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
| [1729] Microsoft Windows 2000 Simplified Chinese IME Vulnerability
| [1695] Microsoft Proxy 2.0 FTP Permissions Bypass Vulnerability
| [1692] Microsoft Proxy 2.0 Internal Network Access Vulnerability
| [1683] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
| [1673] Microsoft Windows 2000 Malformed RPC Packet DoS Vulnerability
| [1651] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
| [1632] Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
| [1620] Microsoft Windows 9x / NT 4.0 / 2000 NetBIOS Cache Corruption Vulnerability
| [1613] Microsoft Windows 2000 Local Security Policy Corruption Vulnerability
| [1566] Microsoft Word 97 / 2000 Mail Merge Code Execution Vulnerability
| [1561] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow Vulnerability
| [1535] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
| [1507] Microsoft Windows NT 4.0 / 2000 Unspecified Executable Path Vulnerability
| [1451] Microsoft Excel 97 / 2000 Register.ID Vulnerability
| [1435] Microsoft FrontPage 2000 Server Extensions Denial Of Service Vulnerability
| [1415] Microsoft Windows 2000 Remote CPU-overload Vulnerability
| [1414] Microsoft Windows 2000 Telnet Server DoS Vulnerability
| [1399] Microsoft Internet Explorer 5.01 and Excel/Powerpoint 2000 ActiveX Object Execution Vulnerability
| [1398] Microsoft Internet Explorer 5.01 and Access 2000 / 97 VBA Code Execution Vulnerability
| [1350] Microsoft Windows 2000 Windows Station Access Vulnerability
| [1304] Microsoft Windows NT 4.0 / 2000 SMB Write Request DoS Vulnerability
| [1301] Microsoft Windows NT 4.0 / 2000 Ignored SMB Response DoS Vulnerability
| [1295] Microsoft Windows 2000 Default 40-bit Encrypted Protected Store Vulnerability
| [1198] Microsoft Windows 2000 Default SYSKEY Configuration Vulnerability
| [1197] Microsoft Office 2000 UA Control Vulnerability
| [990] Microsoft Windows 2000 Install Unprotected ADMIN$ Share Vulnerability
| [945] Microsoft SMS 2.0 Default Permissions Vulnerability
| [539] Microsoft Windows 2000 EFS Vulnerability
| [180] Microsoft Windows April Fools 2001 Vulnerability
| [71487] Microsoft December 2014 Advance Notification Multiple Vulnerabilities
| [70966] RETIRED: Microsoft November 2014 Advance Notification Multiple Vulnerabilities
| [70367] RETIRED: Microsoft October 2014 Advance Notification Multiple Vulnerabilities
| [69636] RETIRED: Microsoft September 2014 Advance Notification Multiple Vulnerabilities
| [69108] Microsoft August 2014 Advance Notification Multiple Vulnerabilities
| [68367] Microsoft July 2014 Advance Notification Multiple Vulnerabilities
| [67905] Microsoft June 2014 Advance Notification Multiple Vulnerabilities
| [67298] Microsoft May 2014 Advance Notification Multiple Vulnerabilities
| [66639] RETIRED: Microsoft April 2014 Advance Notification Multiple Vulnerabilities
| [66016] Microsoft March 2014 Notification Multiple Vulnerabilities
| [65426] Microsoft February 2014 Notification Multiple Vulnerabilities
| [64757] RETIRED: Microsoft January 2014 Advance Notification Multiple Vulnerabilities
| [64083] RETIRED: Microsoft December 2013 Advance Notification Multiple Vulnerabilities
| [63604] RETIRED: Microsoft November 2013 Advance Notification Multiple Vulnerabilities
| [62797] RETIRED: Microsoft October 2013 Advance Notification Multiple Vulnerabilities
| [62228] RETIRED: Microsoft September 2013 Advance Notification Multiple Vulnerabilities
| [62181] Microsoft Office Pinyin IME 2010 CVE-2013-3859 Local Privilege Escalation Vulnerability
| [61686] Microsoft August 2013 Advance Notification Multiple Vulnerabilities
| [60960] RETIRED: Microsoft July 2013 Advance Notification Multiple Vulnerabilities
| [60394] Microsoft June 2013 Advance Notification Multiple Vulnerabilities
| [59785] RETIRED: Microsoft May 2013 Advance Notification Multiple Vulnerabilities
| [58881] RETIRED: Microsoft April 2013 Advance Notification Multiple Vulnerabilities
| [58380] RETIRED: Microsoft March 2013 Advance Notification Multiple Vulnerabilities
| [57846] RETIRED: Microsoft February 2013 Advance Notification Multiple Vulnerabilities
| [57137] RETIRED: Microsoft January 2013 Advance Notification Multiple Vulnerabilities
| [56838] RETIRED: Microsoft December 2012 Advance Notification Multiple Vulnerabilities
| [56450] RETIRED: Microsoft November 2012 Advance Notification Multiple Vulnerabilities
| [56304] Microsoft Office Excel 2010 Memory Corruption Denial of Service Vulnerability
| [55794] RETIRED: Microsoft October 2012 Advance Notification Multiple Vulnerabilities
| [55472] RETIRED: Microsoft September 2012 Advance Notification Multiple Vulnerabilities
| [54944] RETIRED: Microsoft August 2012 Advance Notification Multiple Vulnerabilities
| [54318] RETIRED: Microsoft July 2012 Advance Notification Multiple Vulnerabilities
| [53862] RETIRED: Microsoft June 2012 Advance Notification Multiple Vulnerabilities
| [53372] RETIRED: Microsoft May 2012 Advance Notification Multiple Vulnerabilities
| [52910] RETIRED: Microsoft April 2012 Advance Notification Multiple Vulnerabilities
| [52366] RETIRED: Microsoft March 2012 Advance Notification Multiple Vulnerabilities
| [51944] RETIRED: Microsoft February 2012 Advance Notification Multiple Vulnerabilities
| [51289] RETIRED: Microsoft January 2012 Advance Notification Multiple Vulnerabilities
| [50980] RETIRED: Microsoft December 2011 Advance Notification Multiple Vulnerabilities
| [50513] RETIRED: Microsoft November 2011 Advance Notification Multiple Vulnerabilities
| [49994] RETIRED: Microsoft October 2011 Advance Notification Multiple Vulnerabilities
| [49515] RETIRED: Microsoft September 2011 Advance Notification Multiple Vulnerabilities
| [49017] RETIRED: Microsoft August 2011 Advance Notification Multiple Vulnerabilities
| [48616] RETIRED: Microsoft July 2011 Advance Notification Multiple Vulnerabilities
| [48235] Microsoft Lync Server 2010 'ReachJoin.aspx' Remote Command Injection Vulnerability
| [48193] RETIRED: Microsoft June 2011 Advance Notification Multiple Vulnerabilities
| [47725] RETIRED: Microsoft May 2011 Advance Notification Multiple Vulnerabilities
| [47255] RETIRED: Microsoft April 2011 Advance Notification Multiple Vulnerabilities
| [46675] RETIRED: Microsoft March 2011 Advance Notification Multiple Vulnerabilities
| [46132] RETIRED: Microsoft February 2011 Advance Notification Multiple Vulnerabilities
| [45696] RETIRED: Microsoft January 2011 Advance Notification Multiple Vulnerabilities
| [45307] RETIRED: Microsoft December 2010 Advance Notification Multiple Vulnerabilities
| [44649] RETIRED: Microsoft November 2010 Advance Notification Multiple Vulnerabilities
| [43831] RETIRED: Microsoft October 2010 Advance Notification Multiple Vulnerabilities
| [43115] RETIRED: Microsoft September 2010 Advance Notification Multiple Vulnerabilities
| [42234] RETIRED: Microsoft August 2010 Advance Notification Multiple Vulnerabilities
| [41474] RETIRED: Microsoft July 2010 Advance Notification Multiple Vulnerabilities
| [40548] RETIRED: Microsoft June 2010 Advance Notification Multiple Vulnerabilities
| [39961] RETIRED: Microsoft May 2010 Advance Notification Multiple Vulnerabilities
| [39313] RETIRED: Microsoft April 2010 Advance Notification Multiple Vulnerabilities
| [38540] RETIRED: Microsoft March 2010 Advance Notification Multiple Vulnerabilities
| [38096] RETIRED: Microsoft February 2010 Advance Notification Multiple Vulnerabilities
| [37887] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
| [37664] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
| [32642] Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [82417] Microsoft Windows Knowledge Base Article 2801261 update is not installed
| [82415] Microsoft Windows Knowledge Base Article 2807986 update is not installed
| [82410] Microsoft Windows Knowledge Base Article 2809289 update is not installed
| [81859] Microsoft Windows Knowledge Base Article 2802968 update is not installed
| [81857] Microsoft Windows Knowledge Base Article 2809279 update is not installed
| [81668] Microsoft Windows Knowledge Base Article 2800277 update is not installed
| [77323] Microsoft Windows Knowledge Base Article 2706045 update is not installed
| [75949] Microsoft Windows Knowledge Base Article 2707960 update is not installed
| [75942] Microsoft Windows Knowledge Base Article 2706726 update is not installed
| [75934] Microsoft Windows Knowledge Base Article 2709162 update is not installed
| [75926] Microsoft Windows Knowledge Base Article 2709100 update is not installed
| [75905] Microsoft Windows Knowledge Base Article 2707956 update is not installed
| [71991] Microsoft Windows Knowledge Base Article 2607664 update is not installed
| [71542] Microsoft Windows Knowledge Base Article 2607702 update is not installed
| [70945] Microsoft Windows Knowledge Base Article 2603381 update is not installed
| [70150] Microsoft Windows Knowledge Base Article 2607670 update is not installed
| [67755] Microsoft Windows Knowledge Base Article 2503665 update is not installed
| [67749] Microsoft Windows Knowledge Base Article 2507938 update is not installed
| [66845] Microsoft Windows Knowledge Base Article 2506014 update is not installed
| [66844] Microsoft Windows Knowledge Base Article 2501584 update is not installed
| [66448] Microsoft Windows Knowledge Base Article 2508272 update is not installed
| [66442] Microsoft Windows Knowledge Base Article 2509553 update is not installed
| [66440] Microsoft Windows Knowledge Base Article 2508429 update is not installed
| [66438] Microsoft Windows Knowledge Base Article 2507618 update is not installed
| [66430] Microsoft Windows Knowledge Base Article 2503658 update is not installed
| [66425] Microsoft Windows Knowledge Base Article 2506223 update is not installed
| [65570] Microsoft Windows Knowledge Base Article 2500212 update is not installed
| [65568] Microsoft Windows Knowledge Base Article 2508062 update is not installed
| [63840] Microsoft Visual C++ 2008 Redistributable Package dynamic-linked library (DLL) code execution
| [63780] Microsoft PowerPoint 2007 dynamic-linked library (rpawinet.dll) code execution
| [63775] Microsoft Visio 2003 dynamic-linked library (mfc71enu.dll) code execution
| [63586] Microsoft Windows Knowledge Base Article 2207559 update is not installed
| [63573] Microsoft Windows Knowledge Base Article 2407132 update is not installed
| [62797] Microsoft Windows Knowledge Base Article 2305420 update is not installed
| [62149] Microsoft Windows Knowledge Base Article 2207566 update is not installed
| [62133] Microsoft Windows Knowledge Base Article 2405882 update is not installed
| [53980] Microsoft Windows 2000 License Logging Server buffer overflow
| [53601] Microsoft Office 2008 for Mac user ID 502 security bypass
| [50973] Microsoft Windows Server 2003 and Vista win32k.sys denial of service
| [50759] Microsoft Windows 2000 Active Directory LDAP code execution
| [48595] Microsoft Word 2007 Email as PDF information disclosure
| [46102] Microsoft Windows 2003 SP2 is not installed on the system
| [46101] Microsoft Windows 2003 SP1 is not installed on the system
| [45186] Microsoft SQL Server 2000 SQLVDIRLib.SQLVDirControl ActiveX control buffer overflow
| [37200] Microsoft SQL Server 2000 Service Pack 1 update is not installed
| [37198] Microsoft SQL Server 2000 Service Pack 3 update is not installed
| [34634] Microsoft Windows Server 2003 Active Directory information disclosure
| [34599] Microsoft Windows Server 2003 terminal server security bypass
| [34473] Microsoft Office 2000 ActiveX control buffer overflow
| [33713] Microsoft Word 2007 multiple unspecified denial of service
| [33712] Microsoft Word 2007 wwlib.dll buffer overflow
| [32631] Microsoft SQL Server 2000 Service Pack 2 update is not installed
| [31821] Microsoft Windows time zone update for year 2007
| [31196] Microsoft Office 2003 Brazilian Grammar Checker buffer overflow
| [30905] Microsoft Project Server 2003 pdsrequest.asp information disclosure
| [29546] Microsoft Windows 2000/2003 user logoff initiated
| [29545] Microsoft Windows 2000/2003 system time changed
| [29544] Microsoft Windows 2000/2003 system security access removed
| [29543] Microsoft Windows 2000/2003 security access granted
| [29542] Microsoft Windows 2000/2003 SAM notification package loaded
| [29541] Microsoft Windows 2000/2003 primary security token issued
| [29540] Microsoft Windows 2000/2003 user password reset successful
| [29539] Microsoft Windows 2000/2003 object indirectly accessed
| [29538] Microsoft Windows 2000/2003 object handle duplicated
| [29537] Microsoft Windows 2000/2003 logon with explicit credentials success
| [29536] Microsoft Windows 2000/2003 logon attempt using explicit credentials unsuccessful
| [29535] Microsoft Windows 2000/2003 IPSEC policy agent failed
| [29534] Microsoft Windows 2000/2003 IPSEC policy agent disabled
| [29533] Microsoft Windows 2000/2003 IPSEC policy agent changed
| [29532] Microsoft Windows 2000/2003 IKE security association established
| [29531] Microsoft Windows 2000/2003 IKE quick mode association ended
| [29530] Microsoft Windows 2000/2003 IKE main mode association ended
| [29529] Microsoft Windows 2000/2003 IKE association negotiation failed
| [29528] Microsoft Windows 2000/2003 IKE association peer authentication failed
| [29527] Microsoft Windows 2000/2003 IKE association failed invalid proposal
| [29526] Microsoft Windows 2000/2003 IKE association failed authentication parameters
| [29525] Microsoft Windows 2000/2003 DPAPI master key backup attempted
| [29524] Microsoft Windows 2000/2003 DPAPI key recovery attempted
| [29523] Microsoft Windows 2000/2003 DPAPI auditable data unprotected
| [29522] Microsoft Windows 2000/2003 administrative group security descriptor set
| [29521] Microsoft Windows 2000/2003 account name changed
| [29507] Microsoft Office 2003 unspecified PowerPoint NULL pointer dereference denial of service
| [28512] Microsoft Internet Explorer multiple Windows 2000 COM object denial of service
| [28005] Microsoft Windows 2000 Management Console (MMC) resource file cross-site scripting
| [26118] Microsoft Office 2003 mailto: information disclosure
| [25330] Microsoft Commerce Server 2002 authfiles/login.asp authentication bypass
| [24474] Microsoft Windows 2000 LDAP client accepts untrusted CA
| [24473] Microsoft Windows 2000 event ID 565 not logged
| [24472] Microsoft Windows 2000 Event ID 1704 records incorrect group policy settings
| [24407] Microsoft Windows 2000 SECEDIT command fails to set ACLs correctly
| [24405] Microsoft Windows 2000 UPN credentials with trailing dot group policy bypass
| [24403] Microsoft Windows 2000 WideCharToMultiByte() incorrect Japanese character conversion
| [24402] Microsoft Windows 2000 Terminal Service client IP not logged
| [24400] Microsoft Windows 2000 domain authentication can be bypassed by a local administrator
| [23066] Microsoft Windows XP and 2000 Server MSRPC memory allocation denial of service
| [22318] Microsoft SQL Server 2000 Service Pack 4 update is not installed
| [22183] Microsoft Exchange Server 2003 public folder denial of service
| [21345] Microsoft Windows 2000 Update Rollup 1 for Service Pack 4 has not been installed
| [21315] Microsoft Outlook 2002 connector for Domino bypass restrictions
| [19969] Multiple Microsoft Windows Server 2003 Edition printer driver denial of service
| [19965] Multiple Microsoft Windows Server 2003 Editions SMB redirector denial of service
| [19727] Microsoft Windows 2000 GDI32.DLL denial of service
| [19629] Microsoft Exchange Server 2003 folder denial of service
| [17826] Microsoft Outlook 2003 CID security bypass
| [17624] Microsoft Windows XP and Windows Server 2003 Compressed Folders buffer overflow
| [17621] Microsoft Windows 2003 SMTP service code execution
| [17560] Microsoft Windows 2000 and XP GDI library denial of service
| [17521] Microsoft Windows 2000 Service Pack 4 is not installed
| [16913] Microsoft Windows 2003 users with Synchronize directory service data privilege
| [16912] Microsoft Windows 2003 groups with Synchronize directory service data privilege
| [16909] Microsoft Windows 2003 groups with Remove computer from docking station privilege
| [16907] Microsoft Windows 2003 users with Create global objects privilege
| [16905] Microsoft Windows 2003 users or groups with Create global objects privilege
| [16851] Microsoft Windows 2003 and XP WinKey and U key denial of service
| [16704] Microsoft Windows 2000 Media Player control code execution
| [16582] Microsoft Windows Server 2003 kernel CPU denial of service
| [16572] Microsoft Windows 2003 Users with Impersonate a client after authentication privilege
| [16570] Microsoft Windows 2003 Users with Create global objects privilege
| [16564] Microsoft Windows 2003 Groups with Create global objects privilege
| [16562] Microsoft Windows 2003 Groups with "
| [16522] Microsoft Windows 2003 Impersonate a client after authentication privilege
| [16521] Microsoft Windows 2003 Deny Logon Through Terminal Services privilege
| [16520] Microsoft Windows 2003 Create global objects privilege
| [16276] Microsoft Windows 2000 Advanced Server fully qualified domain name security bypass
| [16173] Microsoft Outlook 2003 OLE object bypass restricted security zone
| [16119] Microsoft Outlook 2000 URL spoofing
| [16104] Microsoft Outlook 2003 predictable file location could allow code execution
| [16095] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
| [15704] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
| [15700] Microsoft Windows 2000 Domain Controller LSASS LDAP message denial of service
| [15632] Microsoft Windows 2000 Utility Manger allows privilege escalation
| [15414] Microsoft Outlook 2002 mailto URL allows execution of code
| [15263] Microsoft Windows XP and 2000 Server kernel allows elevated privileges
| [15057] Microsoft Windows XP and Windows Server 2003 smbmount Linux client denial of service
| [15038] Microsoft Windows 2000 Server Windows Media Services denial of service
| [15037] Microsoft Windows Server 2003 WINS /GS flag denial of service
| [14178] Microsoft ISA Exchange Server 2003 MS04-002 patch is not installed
| [14167] Microsoft ISA Server 2000 H.323 filter buffer overflow
| [13426] Microsoft Windows 2000 and XP RPC race condition
| [13423] Microsoft Windows 2000 Local Troubleshooter ActiveX control buffer overflow
| [13407] Microsoft Windows 2000 Server mqsvc.exe MQLocateBegin packet buffer overflow
| [13385] Microsoft Windows Server 2003 "
| [13211] Microsoft Windows 2000 and XP URG memory leak
| [13171] Microsoft Windows Server 2003 can allow attacker to bypass mechanism used to detect buffer overflows
| [13131] Microsoft Windows 2000 Message Queue Manager buffer overflow
| [12684] Microsoft Exchange Server OWA Outlook 2003 denial of service
| [12652] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension POST request buffer overflow
| [12620] Microsoft Windows 2000 Server SMTP FILETIME denial of service
| [12543] Microsoft Windows 2000 Accessibility Utility Manager could allow an attacker to gain privileges
| [12493] Microsoft Windows Shell32.dll 2000 ShellExecute function buffer overflow
| [12489] Microsoft Windows 2000 Server Active Directory buffer overflow
| [12128] Microsoft Windows 2000 and Windows NT MS03-019 patch is not installed
| [12092] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension buffer overflow
| [12048] Microsoft Windows 2000 and Windows Server 2003 LAN Manager hash creation enabled
| [11901] Microsoft BizTalk Server 2002 SQL injection
| [11900] Microsoft BizTalk Server 2002 HTTP Receiver function buffer overflow
| [11816] Microsoft Windows 2000 Terminal Services MSGINA.DLL insecure access permissions
| [11696] Microsoft Windows 2000 Terminal Services man-in-the-middle attack
| [11617] Microsoft Windows 2000 MS03-007 patch is not installed on the system
| [11546] Microsoft Windows 2000 Windows Help Facility .cnt file buffer overflow
| [11329] Microsoft Windows NT and 2000 cmd.exe CD path name buffer overflow
| [11274] Microsoft Windows 2000 NetBIOS continuation packets denial of service
| [11273] Microsoft Windows 2000 RPC service could allow an attacker to gain elevated privileges
| [11216] Microsoft Windows NT and 2000 command prompt denial of service
| [11141] Microsoft Windows 2000 Terminal Services MSGINA.DLL denial of service
| [11133] Microsoft Outlook 2002 using V1 Exchange Server Security certificates transmits plaintext emails
| [10843] Microsoft Windows 2000 and XP SMB signing group policy modification
| [10431] Microsoft Windows 2000 SNMP LANMAN Extension memory leak denial of service
| [10400] Microsoft Windows 2000 RPC TCP port 135 denial of service
| [10377] Microsoft Windows XP and 2000 administrative alerts fail when security event log is full
| [10199] Microsoft Windows 2000/XP PPTP packet buffer overflow
| [10195] Microsoft FrontPage Server Extensions (FPSE) 2002 SmartHTML Interpreter buffer overflow
| [10194] Microsoft FrontPage Server Extensions (FPSE) 2000 SmartHTML Interpreter denial of service
| [9946] Microsoft Windows 2000 Terminal Services session screensaver fails to lock the console
| [9856] Microsoft Windows 2000 NCM handler routine could allow elevated privileges
| [9779] Microsoft Windows 2000 weak system partition permissions
| [9752] Microsoft Windows 2000 Service Pack 3 is not installed
| [9746] Microsoft Windows 2000 HTML Help item parameter buffer overflow
| [9625] Microsoft Windows 2000 Narrator allows login information to be audible
| [9154] Microsoft Data Engine (MSDE) and Microsoft SQL Server 2000 Desktop Engine have a default blank "
| [8867] Microsoft Windows 2000 LanMan denial of service
| [8813] Microsoft Windows 2000 Terminal Services allows attacker to bypass group policy settings
| [8759] Microsoft Windows 2000 could allow an attacker to block the application of Group Policy settings
| [8752] Microsoft Windows NT, 2000, and XP MUP buffer overflow
| [8739] Microsoft Windows 2000 DCOM memory leak
| [8708] Microsoft Outlook 2000 and 2002 executes embedded script in object tag when replying or forwarding HTML mail
| [8402] Microsoft Windows 2000 allows an attacker to bypass password policy
| [8307] Microsoft Windows 2000, Windows XP, and Exchange 2000 SMTP data transfer command denial of service
| [8304] Microsoft Windows 2000 and Exchange 5.5 SMTP service unauthorized mail privileges
| [8254] Microsoft Commerce Server 2000 AuthFilter ISAPI filter buffer overflow
| [8199] Microsoft Windows 2000 Terminal Services unlocked client
| [8094] Microsoft Windows 2000 and Interix 2.2 Telnet protocol option buffer overflow
| [8092] Microsoft Exchange 2000 System Attendant sets incorrect registry permissions
| [8043] Microsoft Windows NT, 2000, and XP using NTFS could allow files to be hidden
| [8037] Microsoft Windows 2000 empty TCP packet denial of service
| [8023] Microsoft Windows NT and Windows 2000 SIDs could allow an attacker to gain elevated privileges in another domain
| [7919] Microsoft IIS 4.0 and Norton Internet Security 2001 default permissions could allow an attacker to modify log files
| [7667] Microsoft Windows 2000 IKE UDP packet flood denial of service
| [7566] Microsoft IIS 2.0 and 3.0 upgraded to Microsoft IIS 4.0 fails to remove the ism.dll file
| [7538] Microsoft Windows 2000 and XP Terminal services allow an attacker to spoof IP addresses
| [7533] Microsoft Windows 2000 RunAs service denial of service
| [7532] Microsoft Windows 2000 RunAs service allows local attacker to bypass pipe authentication
| [7531] Microsoft Windows 2000 RunAs service reveals sensitive information
| [7528] Microsoft Windows NT and Windows 2000 malformed RPC request denial of service
| [7409] Microsoft Windows 2000 and Windows XP GDI denial of service
| [7302] Microsoft Windows NT and 2000 Terminal Server malformed RDP packet series denial of service
| [7008] Microsoft Windows 2000 IrDA device denial of service
| [6977] Microsoft Windows NT and 2000 NNTP memory leak denial of service
| [6931] Microsoft Windows 2000 without Service Pack 2
| [6919] Microsoft Windows 2000 Task Manager does not terminate malicious files with the same name as a system process
| [6912] Microsoft Windows NT and 2000 Terminal Server RDP memory leak denial of service
| [6876] Microsoft Windows 2000 could allow an attacker to change network passwords
| [6803] Microsoft Windows 2000 SMTP service allows mail relaying
| [6745] Microsoft Windows 2000 LDAP function could allow domain user password change
| [6669] Microsoft Windows 2000 Telnet system call denial of service
| [6668] Microsoft Windows 2000 Telnet handle leak denial of service
| [6667] Microsoft Windows 2000 Telnet multiple idle sessions denial of service
| [6666] Microsoft Windows 2000 Telnet username denial of service
| [6665] Microsoft Windows 2000 Telnet service weak domain authentication
| [6664] Microsoft Windows 2000 Telnet service predictable pipe names could allow elevation of privileges
| [6652] Microsoft Exchange 2000 OWA script execution
| [6590] Microsoft Windows 2000 debug registers allow attacker to gain elevated privileges
| [6506] Microsoft Windows 2000 Server Kerberos denial of service
| [6443] Microsoft Windows 2000 catalog file could remove installed hotfixes
| [6160] Microsoft Windows 2000 event viewer buffer overflow
| [6136] Microsoft Windows 2000 domain controller denial of service
| [6035] Microsoft Windows 2000 Server RDP denial of service
| [5973] Microsoft Windows 2000 EFS allows local user to recover sensitive data
| [5936] Microsoft Windows 2000 Server Directory Service Restore Mode allows user to login with blank password
| [5800] Microsoft Windows 2000 Index Service ActiveX controls allow unauthorized access to file information
| [5623] Microsoft Windows NT and 2000 Phone Book service buffer overflow
| [5598] Microsoft Windows 2000 Telnet daemon could allow a denial of service
| [5585] Microsoft Windows 2000 brute force attack
| [5502] Microsoft Windows 2000 Indexing Services ixsso.query
| [5467] Microsoft Windows 2000 System Monitor ActiveX control buffer overflow
| [5399] Microsoft Windows NT and 2000 Network Monitor buffer overflow
| [5301] Microsoft Windows 2000 Simplified Chinese IME State Recognition
| [5263] Microsoft Office 2000 executes .dll without users knowledge
| [5242] Microsoft Windows 2000 Telnet client NTLM authentication weakness
| [5222] Microsoft Windows 2000 malformed RPC packet denial of service
| [5203] Microsoft Windows 2000 still image service
| [5171] Microsoft Windows 2000 Local Security Policy corruption
| [5080] Microsoft Office 2000 HTML object tag buffer overflow
| [5033] Microsoft Windows 2000 without Service Pack 1
| [5031] Microsoft Windows 2000 Service Control Manager named pipe could allow a unauthorized user to gain privileges
| [5015] Microsoft Windows NT and 2000 executable path
| [4887] Microsoft Windows 2000 Kerberos ticket renewed
| [4886] Microsoft Windows 2000 logon session reconnected
| [4885] Microsoft Windows 2000 logon session disconnected
| [4882] Microsoft Windows 2000 Kerberos pre-authentication failed
| [4873] Microsoft Windows 2000 user account mapped for logon
| [4872] Microsoft Windows 2000 account logon failed
| [4871] Microsoft Windows 2000 account used for logon
| [4855] Microsoft Windows 2000 group type change
| [4842] Microsoft Internet Explorer and Microsoft Powerpoint 2000 ActiveX object execution
| [4841] Microsoft Internet Explorer and Microsoft Access 2000 VBA code execution
| [4823] Microsoft Windows 2000 Telnet server binary stream denial of service
10018| [4819] Microsoft Windows 2000 default SYSKEY configuration
10019| [4787] Microsoft Windows 2000 user account locked out
10020| [4786] Microsoft Windows 2000 computer account created
10021| [4785] Microsoft Windows 2000 computer account changed
10022| [4784] Microsoft Windows 2000 computer account deleted
10023| [4714] Microsoft Windows 2000 "
10024| [4589] Microsoft Windows 2000 protected store can be compromised by brute force attack
10025| [4278] Microsoft Windows 2000 unattended install does not secure All Users profile
10026| [4138] Microsoft Windows 2000 system file integrity feature is disabled
10027| [4086] Microsoft Windows 2000 may not start Jaz drives correctly
10028| [4085] Microsoft Windows 2000 non-Gregorial calendar error
10029| [4084] Microsoft Windows 2000 may prevent Adobe FrameMaker files from being saved in some formats
10030| [4083] Microsoft Windows 2000 Terminal Services may damage Office files saved as HTML
10031| [4082] Microsoft Windows 2000 and Iomega parallel port drives display error
10032| [4080] Microsoft Windows 2000 AOL image support
10033| [4079] Microsoft Windows 2000 High Encryption Pack
10034| [3854] Microsoft Office 2000 security setting
10035| [1376] Microsoft Proxy 2.0 denial of service
10036| [86256] Microsoft Windows Knowledge Base Article 2876063 update is not installed
10037| [86097] Microsoft Windows Knowledge Base Article 2859537 update is not installed
10038| [86091] Microsoft Windows Knowledge Base Article 2868623 update is not installed
10039| [86089] Microsoft Windows Knowledge Base Article 2862772 update is not installed
10040| [86075] Microsoft Windows Knowledge Base Article 2850869 update is not installed
10041| [86073] Microsoft Windows Knowledge Base Article 2873872 update is not installed
10042| [86070] Microsoft Windows Knowledge Base Article 2849568 update is not installed
10043| [85245] Microsoft Windows Knowledge Base Article 2848295 update is not installed
10044| [85244] Microsoft Windows Knowledge Base Article 2847927 update is not installed
10045| [85243] Microsoft Windows Knowledge Base Article 2861561 update is not installed
10046| [85236] Microsoft Windows Knowledge Base Article 2850851 update is not installed
10047| [85227] Microsoft Windows Knowledge Base Article 2847883 update is not installed
10048| [85223] Microsoft Windows Knowledge Base Article 2846071 update is not installed
10049| [85205] Microsoft Windows Knowledge Base Article 2845187 update is not installed
10050| [84621] Microsoft Windows Knowledge Base Article 2845690 update is not installed
10051| [84619] Microsoft Windows Knowledge Base Article 2839894 update is not installed
10052| [84617] Microsoft Windows Knowledge Base Article 2839571 update is not installed
10053| [84615] Microsoft Windows Knowledge Base Article 2839229 update is not installed
10054| [84613] Microsoft Windows Knowledge Base Article 2838727 update is not installed
10055| [84156] Microsoft Windows Knowledge Base Article 2847204 update is not installed
10056| [83912] Microsoft Windows Knowledge Base Article 2829254 update is not installed
10057| [83910] Microsoft Windows Knowledge Base Article 2829530 update is not installed
10058| [83898] Microsoft Windows Knowledge Base Article 2830397 update is not installed
10059| [83886] Microsoft Windows Knowledge Base Article 2830399 update is not installed
10060| [83884] Microsoft Windows Knowledge Base Article 2834692 update is not installed
10061| [83882] Microsoft Windows Knowledge Base Article 2834695 update is not installed
10062| [83880] Microsoft Windows Knowledge Base Article 2836440 update is not installed
10063| [83876] Microsoft Windows Knowledge Base Article 2840221 update is not installed
10064| [83192] Microsoft Windows Knowledge Base Article 2817183 update is not installed
10065| [83100] Microsoft Windows Knowledge Base Article 2830914 update is not installed
10066| [83098] Microsoft Windows Knowledge Base Article 2829996 update is not installed
10067| [83093] Microsoft Windows Knowledge Base Article 2828223 update is not installed
10068| [83091] Microsoft Windows Knowledge Base Article 2813170 update is not installed
10069| [83088] Microsoft Windows Knowledge Base Article 2827663 update is not installed
10070| [83086] Microsoft Windows Knowledge Base Article 2823482 update is not installed
10071| [83084] Microsoft Windows Knowledge Base Article 2821818 update is not installed
10072| [83082] Microsoft Windows Knowledge Base Article 2820917 update is not installed
10073| [82600] Microsoft Windows Knowledge Base Article 2813707 update is not installed
10074| [82424] Microsoft Windows Knowledge Base Article 2814124 update is not installed
10075| [82422] Microsoft Windows Knowledge Base Article 2780176 update is not installed
10076| [82401] Microsoft Windows Knowledge Base Article 2813682 update is not installed
10077| [82399] Microsoft Windows Knowledge Base Article 2816264 update is not installed
10078| [81683] Microsoft Windows Knowledge Base Article 2780091 update is not installed
10079| [81681] Microsoft Windows Knowledge Base Article 2784242 update is not installed
10080| [81680] Microsoft Windows Knowledge Base Article 2790113 update is not installed
10081| [81678] Microsoft Windows Knowledge Base Article 2790655 update is not installed
10082| [81676] Microsoft Windows Knowledge Base Article 2790978 update is not installed
10083| [81674] Microsoft Windows Knowledge Base Article 2797052 update is not installed
10084| [81672] Microsoft Windows Knowledge Base Article 2799494 update is not installed
10085| [81666] Microsoft Windows Knowledge Base Article 2778344 update is not installed
10086| [81634] Microsoft Windows Knowledge Base Article 2792100 update is not installed
10087| [81339] Microsoft Windows Knowledge Base Article 2799329 update is not installed
10088| [80875] Microsoft Windows Knowledge Base Article 2756145 update is not installed
10089| [80872] Microsoft Windows Knowledge Base Article 2769324 update is not installed
10090| [80867] Microsoft Windows Knowledge Base Article 2769327 update is not installed
10091| [80865] Microsoft Windows Knowledge Base Article 2769369 update is not installed
10092| [80863] Microsoft Windows Knowledge Base Article 2778930 update is not installed
10093| [80861] Microsoft Windows Knowledge Base Article 2785220 update is not installed
10094| [80365] Microsoft Windows Knowledge Base Article 2761465 update is not installed
10095| [80360] Microsoft Windows Knowledge Base Article 2765809 update is not installed
10096| [80358] Microsoft Windows Knowledge Base Article 2770660 update is not installed
10097| [80356] Microsoft Windows Knowledge Base Article 2780642 update is not installed
10098| [80352] Microsoft Windows Knowledge Base Article 2783534 update is not installed
10099| [80349] Microsoft Windows Knowledge Base Article 2784126 update is not installed
10100| [79693] Microsoft Windows Knowledge Base Article 2745030 update is not installed
10101| [79687] Microsoft Windows Knowledge Base Article 2761451 update is not installed
10102| [79683] Microsoft Windows Knowledge Base Article 2761226 update is not installed
10103| [79679] Microsoft Windows Knowledge Base Article 2758857 update is not installed
10104| [79677] Microsoft Windows Knowledge Base Article 2727528 update is not installed
10105| [78864] Microsoft Windows Knowledge Base Article 2754670 update is not installed
10106| [78862] Microsoft Windows Knowledge Base Article 2743555 update is not installed
10107| [78858] Microsoft Windows Knowledge Base Article 2754849 update is not installed
10108| [78856] Microsoft Windows Knowledge Base Article 2724197 update is not installed
10109| [78853] Microsoft Windows Knowledge Base Article 2741517 update is not installed
10110| [78851] Microsoft Windows Knowledge Base Article 2742319 update is not installed
10111| [78848] Microsoft Windows Knowledge Base Article 2742321 update is not installed
10112| [78760] Microsoft Windows Knowledge Base Article 2744842 update is not installed
10113| [78077] Microsoft Windows Knowledge Base Article 2741528 update is not installed
10114| [78075] Microsoft Windows Knowledge Base Article 2720184 update is not installed
10115| [78071] Microsoft Windows Knowledge Base Article 2748552 update is not installed
10116| [77512] Microsoft Windows Knowledge Base Article 2740358 update is not installed
10117| [77362] Microsoft Windows Knowledge Base Article 2733918 update is not installed
10118| [77360] Microsoft Windows Knowledge Base Article 2733829 update is not installed
10119| [77357] Microsoft Windows Knowledge Base Article 2733594 update is not installed
10120| [77352] Microsoft Windows Knowledge Base Article 2731879 update is not installed
10121| [77350] Microsoft Windows Knowledge Base Article 2731847 update is not installed
10122| [77348] Microsoft Windows Knowledge Base Article 2723135 update is not installed
10123| [77346] Microsoft Windows Knowledge Base Article 2722913 update is not installed
10124| [77342] Microsoft Windows Knowledge Base Article 2720573 update is not installed
10125| [77325] Microsoft Windows Knowledge Base Article 2719584 update is not installed
10126| [76808] Microsoft Windows Knowledge Base Article 2721015 update is not installed
10127| [76725] Microsoft Windows Knowledge Base Article 2722479 update is not installed
10128| [76724] Microsoft Windows Knowledge Base Article 2719177 update is not installed
10129| [76721] Microsoft Windows Knowledge Base Article 2718523 update is not installed
10130| [76718] Microsoft Windows Knowledge Base Article 2698365 update is not installed
10131| [76711] Microsoft Windows Knowledge Base Article 2695502 update is not installed
10132| [76704] Microsoft Windows Knowledge Base Article 2691442 update is not installed
10133| [76702] Microsoft Windows Knowledge Base Article 2655992 update is not installed
10134| [75963] Microsoft Windows Knowledge Base Article 2699988 update is not installed
10135| [75939] Microsoft Windows Knowledge Base Article 2685939 update is not installed
10136| [75928] Microsoft Windows Knowledge Base Article 2711167 update is not installed
10137| [75136] Microsoft Windows Knowledge Base Article 2693777 update is not installed
10138| [75132] Microsoft Windows Knowledge Base Article 2690533 update is not installed
10139| [75130] Microsoft Windows Knowledge Base Article 2688338 update is not installed
10140| [75127] Microsoft Windows Knowledge Base Article 2681578 update is not installed
10141| [75123] Microsoft Windows Knowledge Base Article 2680352 update is not installed
10142| [75116] Microsoft Windows Knowledge Base Article 2597981 update is not installed
10143| [74556] Microsoft Windows Knowledge Base Article 2639185 update is not installed
10144| [74384] Microsoft Windows Knowledge Base Article 2675157 update is not installed
10145| [74378] Microsoft Windows Knowledge Base Article 2671605 update is not installed
10146| [74373] Microsoft Windows Knowledge Base Article 2664258 update is not installed
10147| [74369] Microsoft Windows Knowledge Base Article 2663860 update is not installed
10148| [73543] Microsoft Windows Knowledge Base Article 2671387 update is not installed
10149| [73540] Microsoft Windows Knowledge Base Article 2665364 update is not installed
10150| [73538] Microsoft Windows Knowledge Base Article 2651019 update is not installed
10151| [73536] Microsoft Windows Knowledge Base Article 2651018 update is not installed
10152| [73533] Microsoft Windows Knowledge Base Article 2647170 update is not installed
10153| [73530] Microsoft Windows Knowledge Base Article 2641653 update is not installed
10154| [72887] Microsoft Windows Knowledge Base Article 2663841 update is not installed
10155| [72873] Microsoft Windows Knowledge Base Article 2663830 update is not installed
10156| [72867] Microsoft Windows Knowledge Base Article 2663510 update is not installed
10157| [72857] Microsoft Windows Knowledge Base Article 2661637 update is not installed
10158| [72855] Microsoft Windows Knowledge Base Article 2660465 update is not installed
10159| [72853] Microsoft Windows Knowledge Base Article 2653956 update is not installed
10160| [72851] Microsoft Windows Knowledge Base Article 2654428 update is not installed
10161| [72849] Microsoft Windows Knowledge Base Article 2651026 update is not installed
10162| [72846] Microsoft Windows Knowledge Base Article 2647516 update is not installed
10163| [72841] Microsoft Windows Knowledge Base Article 2645640 update is not installed
10164| [72838] Microsoft Windows Knowledge Base Article 2643719 update is not installed
10165| [72029] Microsoft Windows Knowledge Base Article 2638420 update is not installed
10166| [72003] Microsoft Windows Knowledge Base Article 2646524 update is not installed
10167| [71998] Microsoft Windows Knowledge Base Article 2644615 update is not installed
10168| [71995] Microsoft Windows Knowledge Base Article 2643584 update is not installed
10169| [71994] Microsoft Windows Knowledge Base Article 2636391 update is not installed
10170| [71565] Microsoft Windows Knowledge Base Article 2648048 update is not installed
10171| [71562] Microsoft Windows Knowledge Base Article 2640241 update is not installed
10172| [71560] Microsoft Windows Knowledge Base Article 2640045 update is not installed
10173| [71558] Microsoft Windows Knowledge Base Article 2639417 update is not installed
10174| [71557] Microsoft Windows Knowledge Base Article 2639142 update is not installed
10175| [71554] Microsoft Windows Knowledge Base Article 2633171 update is not installed
10176| [71552] Microsoft Windows Knowledge Base Article 2624667 update is not installed
10177| [71550] Microsoft Windows Knowledge Base Article 2620712 update is not installed
10178| [71548] Microsoft Windows Knowledge Base Article 2618451 update is not installed
10179| [71546] Microsoft Windows Knowledge Base Article 2618444 update is not installed
10180| [71538] Microsoft Windows Knowledge Base Article 2590602 update is not installed
10181| [70951] Microsoft Windows Knowledge Base Article 2630837 update is not installed
10182| [70949] Microsoft Windows Knowledge Base Article 2620704 update is not installed
10183| [70947] Microsoft Windows Knowledge Base Article 2617657 update is not installed
10184| [70943] Microsoft Windows Knowledge Base Article 2588516 update is not installed
10185| [70152] Microsoft Windows Knowledge Base Article 2623699 update is not installed
10186| [70140] Microsoft Windows Knowledge Base Article 2652016 update is not installed
10187| [70130] Microsoft Windows Knowledge Base Article 2586448 update is not installed
10188| [70115] Microsoft Windows Knowledge Base Article 2567053 update is not installed
10189| [69501] Microsoft Windows Knowledge Base Article 2587634 update is not installed
10190| [69498] Microsoft Windows Knowledge Base Article 2587505 update is not installed
10191| [69492] Microsoft Windows Knowledge Base Article 2571621 update is not installed
10192| [69490] Microsoft Windows Knowledge Base Article 2570947 update is not installed
10193| [68840] Microsoft Windows Knowledge Base Article 2451858 update is not installed
10194| [68833] Microsoft Windows Knowledge Base Article 2567943 update is not installed
10195| [68831] Microsoft Windows Knowledge Base Article 2570222 update is not installed
10196| [68829] Microsoft Windows Knowledge Base Article 2567951 update is not installed
10197| [68827] Microsoft Windows Knowledge Base Article 2578230 update is not installed
10198| [68825] Microsoft Windows Knowledge Base Article 2546250 update is not installed
10199| [68823] Microsoft Windows Knowledge Base Article 2559049 update is not installed
10200| [68816] Microsoft Windows Knowledge Base Article 2556532 update is not installed
10201| [68814] Microsoft Windows Knowledge Base Article 2560656 update is not installed
10202| [68812] Microsoft Windows Knowledge Base Article 2560978 update is not installed
10203| [68809] Microsoft Windows Knowledge Base Article 2562485 update is not installed
10204| [68806] Microsoft Windows Knowledge Base Article 2566454 update is not installed
10205| [68804] Microsoft Windows Knowledge Base Article 2563894 update is not installed
10206| [68801] Microsoft Windows Knowledge Base Article 2567680 update is not installed
10207| [68315] Microsoft Windows Knowledge Base Article 2555917 update is not installed
10208| [68299] Microsoft Windows Knowledge Base Article 2566220 update is not installed
10209| [68283] Microsoft Windows Knowledge Base Article 2560847 update is not installed
10210| [67955] Microsoft Windows Knowledge Base Article 2530548 update is not installed
10211| [67943] Microsoft Windows Knowledge Base Article 2544521 update is not installed
10212| [67762] Microsoft Windows Knowledge Base Article 2543893 update is not installed
10213| [67759] Microsoft Windows Knowledge Base Article 2544893 update is not installed
10214| [67757] Microsoft Windows Knowledge Base Article 2476490 update is not installed
10215| [67753] Microsoft Windows Knowledge Base Article 2514842 update is not installed
10216| [67751] Microsoft Windows Knowledge Base Article 2518295 update is not installed
10217| [67737] Microsoft Windows Knowledge Base Article 2520426 update is not installed
10218| [67733] Microsoft Windows Knowledge Base Article 2525694 update is not installed
10219| [67731] Microsoft Windows Knowledge Base Article 2525835 update is not installed
10220| [67728] Microsoft Windows Knowledge Base Article 2535512 update is not installed
10221| [67725] Microsoft Windows Knowledge Base Article 2536275 update is not installed
10222| [67722] Microsoft Windows Knowledge Base Article 2536276 update is not installed
10223| [67718] Microsoft Windows Knowledge Base Article 2537146 update is not installed
10224| [67709] Microsoft Windows Knowledge Base Article 2538814 update is not installed
10225| [67302] Microsoft Windows Knowledge Base Article 2545814 update is not installed
10226| [67101] Microsoft Windows Knowledge Base Article 2524426 update is not installed
10227| [66446] Microsoft Windows Knowledge Base Article 2514666 update is not installed
10228| [66444] Microsoft Windows Knowledge Base Article 2511455 update is not installed
10229| [66436] Microsoft Windows Knowledge Base Article 2497640 update is not installed
10230| [66432] Microsoft Windows Knowledge Base Article 2527308 update is not installed
10231| [66428] Microsoft Windows Knowledge Base Article 2489979 update is not installed
10232| [66423] Microsoft Windows kernel-mode driver (win32k.sys) variant 29 privilege escalation
10233| [66422] Microsoft Windows kernel-mode driver (win32k.sys) variant 28 privilege escalation
10234| [66421] Microsoft Windows kernel-mode driver (win32k.sys) variant 27 privilege escalation
10235| [66420] Microsoft Windows kernel-mode driver (win32k.sys) variant 26 privilege escalation
10236| [66419] Microsoft Windows kernel-mode driver (win32k.sys) variant 25 privilege escalation
10237| [66418] Microsoft Windows kernel-mode driver (win32k.sys) variant 24 privilege escalation
10238| [66417] Microsoft Windows kernel-mode driver (win32k.sys) variant 23 privilege escalation
10239| [66416] Microsoft Windows kernel-mode driver (win32k.sys) variant 22 privilege escalation
10240| [66415] Microsoft Windows kernel-mode driver (win32k.sys) variant 21 privilege escalation
10241| [66414] Microsoft Windows kernel-mode driver (win32k.sys) variant 20 privilege escalation
10242| [66396] Microsoft Windows kernel-mode driver (win32k.sys) variant 2 privilege escalation
10243| [66394] Microsoft Windows Knowledge Base Article 2485663 update is not installed
10244| [65588] Microsoft Windows Knowledge Base Article 2489279 update is not installed
10245| [65581] Microsoft Windows Knowledge Base Article 2510030 update is not installed
10246| [65580] Microsoft Windows Knowledge Base Article 2489283 update is not installed
10247| [65575] Microsoft Windows Knowledge Base Article 2489293 update is not installed
10248| [65573] Microsoft Windows Knowledge Base Article 2494047 update is not installed
10249| [64973] Microsoft Windows Knowledge Base Article 2478960 update is not installed
10250| [64971] Microsoft Windows Knowledge Base Article 2479628 update is not installed
10251| [64927] Microsoft Windows Knowledge Base Article 2393802 update is not installed
10252| [64925] Microsoft Windows Knowledge Base Article 2451879 update is not installed
10253| [64920] Microsoft Windows Knowledge Base Article 2475792 update is not installed
10254| [64918] Microsoft Windows Knowledge Base Article 2476687 update is not installed
10255| [64916] Microsoft Windows Knowledge Base Article 2478953 update is not installed
10256| [64914] Microsoft Windows Knowledge Base Article 2482017 update is not installed
10257| [64910] Microsoft Windows Knowledge Base Article 2483185 update is not installed
10258| [64909] Microsoft Windows Knowledge Base Article 2484015 update is not installed
10259| [64907] Microsoft Windows Knowledge Base Article 2485376 update is not installed
10260| [64905] Microsoft Windows Knowledge Base Article 2489256 update is not installed
10261| [64902] Microsoft Windows Knowledge Base Article 2496930 update is not installed
10262| [64342] Microsoft Windows Knowledge Base Article 2451910 update is not installed
10263| [64339] Microsoft Windows Knowledge Base Article 2478935 update is not installed
10264| [63584] Microsoft Windows Knowledge Base Article 2424434 update is not installed
10265| [63582] Microsoft Windows Knowledge Base Article 2423089 update is not installed
10266| [63580] Microsoft Windows Knowledge Base Article 2436673 update is not installed
10267| [63571] Microsoft Windows Knowledge Base Article 2440591 update is not installed
10268| [63569] Microsoft Windows Knowledge Base Article 2385678 update is not installed
10269| [63566] Microsoft Windows Knowledge Base Article 2442962 update is not installed
10270| [63564] Microsoft Windows Knowledge Base Article 2345316 update is not installed
10271| [63562] Microsoft Windows Knowledge Base Article 2296199 update is not installed
10272| [63558] Microsoft Windows Knowledge Base Article 2416400 update is not installed
10273| [63550] Microsoft Windows Knowledge Base Article 2447961 update is not installed
10274| [63548] Microsoft Windows Knowledge Base Article 2443105 update is not installed
10275| [63546] Microsoft Windows Knowledge Base Article 2455005 update is not installed
10276| [63544] Microsoft Windows Knowledge Base Article 2292970 update is not installed
10277| [62805] Microsoft Windows Knowledge Base Article 2316074 update is not installed
10278| [62793] Microsoft Windows Knowledge Base Article 2293386 update is not installed
10279| [62789] Microsoft Windows Knowledge Base Article 2423930 update is not installed
10280| [62170] Microsoft Windows Knowledge Base Article 2296011 update is not installed
10281| [62166] Microsoft Windows Knowledge Base Article 2294255 update is not installed
10282| [62163] Microsoft Windows Knowledge Base Article 2281679 update is not installed
10283| [62154] Microsoft Windows Knowledge Base Article 2279986 update is not installed
10284| [62147] Microsoft Windows Knowledge Base Article 2160841 update is not installed
10285| [62134] Microsoft Windows Knowledge Base Article 2412048 update is not installed
10286| [62129] Microsoft Windows Knowledge Base Article 2387149 update is not installed
10287| [62126] Microsoft Windows Knowledge Base Article 2378111 update is not installed
10288| [62123] Microsoft Windows Knowledge Base Article 2360937 update is not installed
10289| [62118] Microsoft Windows Knowledge Base Article 2293211 update is not installed
10290| [62104] Microsoft Windows Knowledge Base Article 2360131 update is not installed
10291| [62098] Microsoft Windows Knowledge Base Article 2293194 update is not installed
10292| [62069] Microsoft Windows Knowledge Base Article 2418042 update is not installed
10293| [61519] Microsoft Windows Knowledge Base Article 2121546 update is not installed
10294| [61517] Microsoft Windows Knowledge Base Article 2259922 update is not installed
10295| [61514] Microsoft Windows Knowledge Base Article 2267960 update is not installed
10296| [61510] Microsoft Windows Knowledge Base Article 2315011 update is not installed
10297| [61507] Microsoft Windows Knowledge Base Article 2320113 update is not installed
10298| [61504] Microsoft Windows Knowledge Base Article 2347290 update is not installed
10299| [60736] Microsoft Windows Knowledge Base Article 2265906 update is not installed
10300| [60734] Microsoft Windows Knowledge Base Article 2269638 update is not installed
10301| [60728] Microsoft Windows Knowledge Base Article 2269707 update is not installed
10302| [60724] Microsoft Windows Knowledge Base Article 2286198 update is not installed
10303| [60713] Microsoft Windows Knowledge Base Article 2183461 update is not installed
10304| [60698] Microsoft Windows Knowledge Base Article 2160329 update is not installed
10305| [60686] Microsoft Windows Knowledge Base Article 2115168 update is not installed
10306| [60684] Microsoft Windows Knowledge Base Article 2079403 update is not installed
10307| [60680] Microsoft Windows Knowledge Base Article 2264072 update is not installed
10308| [59901] Microsoft Windows Knowledge Base Article 2229593 update is not installed
10309| [59898] Microsoft Windows Knowledge Base Article 2229593 update is not installed
10310| [58913] Microsoft Windows Knowledge Base Article 2027452 update is not installed
10311| [58891] Microsoft Windows Knowledge Base Article 2028554 update is not installed
10312| [17004] Microsoft Windows XP Service Pack 2 is not installed on the system
10313| [9187] Microsoft Passport SDK 2.1 Component Configuration Document (CCD) permission
10314| [9146] Microsoft Passport SDK 2.1 events reporting disabled
10315| [9068] Microsoft Passport SDK 2.1 registry default permission exposure
10316| [9067] Microsoft Passport SDK 2.1 default test site exposure
10317| [9066] Microsoft Passport SDK 2.1 Adventure Works Sample Site exposure
10318| [9065] Microsoft Passport SDK 2.1 Adventure Works Sample Site global.asa file default permission exposure
10319| [9064] Microsoft Passport SDK 2.1 default time window exposure
10320| [1271] Microsoft IIS version 2 installed
10321| [621] Microsoft IIS 3.0 script source revealed by appending 2E to requests
10322|
10323| Exploit-DB - https://www.exploit-db.com:
10324| [30756] Microsoft Forms 2.0 ActiveX Control 2.0 Memory Access Violation Denial of Service Vulnerabilities
10325| [30749] Microsoft Office 2003 Web Component Memory Access Violation Denial of Service Vulnerability
10326| [30636] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (2)
10327| [30635] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (1)
10328| [30281] Microsoft .Net Framework <= 2.0 - Multiple Null Byte Injection Vulnerabilities
10329| [29664] Microsoft Office Publisher 2007 - Remote Denial of Service (DoS) Vulnerability
10330| [29660] Microsoft Office 2003 - Denial of Service (DoS) Vulnerability
10331| [29630] Microsoft Windows 2003/XP ReadDirectoryChangesW Information Disclosure Vulnerability
10332| [29524] Microsoft Word 2000 - Malformed Function Code Execution Vulnerability
10333| [28420] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
10334| [28357] Microsoft Windows Explorer 2000/2003/XP Drag and Drop Remote Code Execution Vulnerability
10335| [28227] Microsoft Windows 2000/XP Registry Access Local Denial of Service Vulnerability
10336| [28226] Microsoft PowerPoint 2003 PPT File Closure Memory Corruption
10337| [28225] Microsoft PowerPoint 2003 powerpnt.exe Unspecified Issue
10338| [28224] Microsoft PowerPoint 2003 mso.dll PPT Processing Unspecified Code Execution
10339| [28198] Microsoft Office 2000/2002 Property Code Execution Vulnerability
10340| [28189] Microsoft Excel 2000-2004 Style Handling and Repair Remote Code Execution Vulnerability
10341| [28087] Microsoft Office 2003 Embedded Shockwave Flash Object Security Bypass Weakness
10342| [28005] Microsoft Exchange Server 2000/2003 Outlook Web Access Script Injection Vulnerability
10343| [26690] Microsoft Windows 2000/2003/XP CreateRemoteThread Local Denial of Service Vulnerability
10344| [26517] Microsoft Office PowerPoint 2007 - Crash PoC
10345| [26341] Microsoft Windows 2000/2003/XP MSDTC TIP Denial of Service Vulnerability
10346| [26222] Microsoft Windows 2000/2003/XP Keyboard Event Privilege Escalation Weakness
10347| [25384] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (2)
10348| [25383] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (1)
10349| [25231] Microsoft Windows 2000/2003/XP Graphical Device Interface Library Denial of Service Vulnerability
10350| [25085] Microsoft Office XP 2000/2002 HTML Link Processing Remote Buffer Overflow Vulnerability
10351| [25084] Microsoft Outlook 2003 Web Access Login Form Remote URI Redirection Vulnerability
10352| [25050] Microsoft Windows 2000/2003/XP winhlp32 Phrase Heap Overflow Vulnerability
10353| [25049] Microsoft Windows 2000/2003/XP winhlp32 Phrase Integer Overflow Vulnerability
10354| [24686] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
10355| [24277] Microsoft Windows 2000/NT 4 POSIX Subsystem Buffer Overflow Local Privilege Escalation Vulnerability
10356| [24114] Microsoft Outlook 2003Mail Client E-mail Address Verification Weakness
10357| [24101] Microsoft Outlook 2003 Predictable File Location Weakness
10358| [23989] Microsoft Windows 2000/NT 4 Local Descriptor Table Local Privilege Escalation Vulnerability
10359| [23796] Microsoft Outlook 2002 Mailto Parameter Quoting Zone Bypass Vulnerability
10360| [23019] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
10361| [22919] Microsoft ISA Server 2000 Cross-Site Scripting Vulnerabilities
10362| [22883] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (2)
10363| [22882] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (1)
10364| [22837] Microsoft Windows 2000/NT 4 Media Services NSIISlog.DLL Remote Buffer Overflow
10365| [22782] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
10366| [22591] Microsoft Office Excel 2007 - WriteAV Crash PoC
10367| [22555] Microsoft BizTalk Server 2000/2002 DTA RawCustomSearchField.asp SQL Injection
10368| [22554] Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability
10369| [22553] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
10370| [22528] Microsoft Windows 2000 RegEdit.EXE Registry Key Value Buffer Overflow Vulnerability
10371| [22354] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
10372| [21920] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
10373| [21718] Microsoft SQL 2000/7.0 Agent Jobs Privilege Elevation Vulnerability
10374| [21693] Microsoft SQL Server 2000 User Authentication Remote Buffer Overflow Vulnerability
10375| [21652] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
10376| [21651] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
10377| [21650] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
10378| [21549] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
10379| [21541] Microsoft SQL Server 2000 SQLXML Script Injection Vulnerability
10380| [21540] Microsoft SQL Server 2000 SQLXML Buffer Overflow Vulnerability
10381| [21389] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (2)
10382| [21388] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (1)
10383| [21344] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
10384| [21258] Microsoft Windows 2000/NT 4 NTFS File Hiding Vulnerability
10385| [21246] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (2)
10386| [21245] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (1)
10387| [21172] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (2)
10388| [21171] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (1)
10389| [21131] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
10390| [21123] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
10391| [21113] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
10392| [21099] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
10393| [21069] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
10394| [20907] Microsoft Windows 2000 Telnet Username DoS Vulnerability
10395| [20802] Microsoft IIS 2.0/3.0 Long URL Denial of Service Vulnerability
10396| [20763] Microsoft ISA Server 2000 Web Proxy DoS Vulnerability
10397| [20571] Microsoft Outlook 2000 0/98 0/Express 5.5 Concealed Attachment Vulnerability
10398| [20481] Microsoft IIS 2.0/3.0 Appended Dot Script Source Disclosure Vulnerability
10399| [20399] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
10400| [20335] Microsoft Indexing Services for Windows 2000/NT 4.0 .htw Cross-Site Scripting Vulnerability
10401| [20305] Microsoft Site Server 2.0 with IIS 4.0 - File Upload Vulnerability
10402| [20265] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
10403| [20257] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
10404| [20255] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
10405| [20222] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
10406| [20209] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
10407| [20133] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
10408| [20122] Microsoft Office SharePoint Server 2007 Remote Code Execution
10409| [20096] Microsoft IIS 2.0/3.0/4.0/5.0/5.1 Internal IP Address Disclosure Vulnerability
10410| [20048] Microsoft Windows 2000 Remote CPU-overload Vulnerability
10411| [20047] Microsoft Windows 2000 Telnet Server DoS Vulnerability
10412| [19830] Microsoft Index Server 2.0 '%20' ASP Source Disclosure Vulnerability
10413| [19742] microsoft iis 3.0/4.0,microsoft index server 2.0 - Directory Traversal
10414| [19734] Microsoft Virtual Machine 2000 Series/3000 Series getSystemResource Vulnerability
10415| [19731] microsoft index server 2.0/indexing services for windows 2000 - Directory Traversal
10416| [19728] Microsoft Systems Management Server 2.0 Default Permissions Vulnerability
10417| [19425] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (2)
10418| [19424] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (1)
10419| [19376] Microsoft IIS 2.0/3.0/4.0 ISAPI GetExtensionVersion() Vulnerability
10420| [19143] "Microsoft Windows ""April Fools 2001"" Vulnerability"
10421| [19118] Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability
10422| [18334] Microsoft Office 2003 Home/Pro 0day
10423| [18087] MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
10424| [18078] Microsoft Excel 2003 11.8335.8333 Use After Free
10425| [18067] Microsoft Excel 2007 SP2 Buffer Overwrite Exploit
10426| [17305] "Microsoft Windows Vista/Server 2008 ""nsiproxy.sys"" Local Kernel DoS Exploit"
10427| [14971] MOAUB #11 - Microsoft Office Word 2007 sprmCMajority Buffer Overflow
10428| [14782] Microsoft Office PowerPoint 2007 DLL Hijacking Exploit (rpawinet.dll)
10429| [14746] Microsoft Office Groove 2007 DLL Hijacking Exploit (mso.dll)
10430| [14744] Microsoft Visio 2003 DLL Hijacking Exploit (mfc71enu.dll)
10431| [12450] Microsoft SharePoint Server 2007 XSS Vulnerability
10432| [10068] Microsoft Windows 2000-2008 Embedded OpenType Font Engine Remote Code Execution
10433| [4121] Microsoft Excel 2000/2003 Sheet Name Vulnerability PoC
10434| [3973] Microsoft Office 2000 (OUACTRL.OCX 1.0.1.9) - Remote DoS Exploit
10435| [3690] microsoft office word 2007 - Multiple Vulnerabilities
10436| [3260] Microsoft Word 2000 Unspecified Code Execution Exploit (0day)
10437| [2523] Microsoft Office 2003 PPT Local Buffer Overflow PoC
10438| [2091] Microsoft PowerPoint 2003 SP2 Local Code Execution Exploit (french)
10439| [2001] Microsoft Word 2000/2003 Unchecked Boundary Condition Vulnerability
10440| [1999] Microsoft Word 2000/2003 Hlink Local Buffer Overflow Exploit PoC
10441| [1988] Microsoft Excel 2003 Hlink Local Buffer Overflow Exploit (italian)
10442| [1986] Microsoft Excel 2000/2003 Hlink Local Buffer Overflow Exploit (french)
10443| [1958] Microsoft Excel 2003 Hlink Stack/SEH Buffer Overflow Exploit
10444| [28238] Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Vulnerability MS13-067
10445| [23034] Microsoft URLScan 2.5/ RSA Security SecurID 5.0 Configuration Enumeration Weakness
10446| [22850] Microsoft Office OneNote 2010 Crash PoC
10447| [22679] Microsoft Visio 2010 Crash PoC
10448| [22655] Microsoft Publisher 2013 Crash PoC
10449| [22621] Microsoft Netmeeting 2.1/3.0.1 4.4.3385 CALLTO URL Buffer Overflow Vulnerability
10450| [22330] Microsoft Office Excel 2010 Crash PoC
10451| [22310] Microsoft Office Publisher 2010 Crash PoC
10452| [22237] Microsoft Office Picture Manager 2010 Crash PoC
10453| [22215] Microsoft Office Word 2010 Crash PoC
10454| [19451] Microsoft Windows 98 a/98 b/98SE,Solaris 2.6 IRDP Vulnerability
10455| [19440] Microsoft Windows NT 4.0/SP 1/SP 2/Sp 3/SP 4/SP 5 Malformed Dialer Entry Vulnerability
10456| [19372] Microsoft Windows NT 4.0/SP 1/SP 2/SP 3/SP 4/SP 5 Null Session Admin Name Vulnerability
10457| [17164] Microsoft Reader <= 2.1.1.3143 NULL Byte Write
10458| [17163] Microsoft Reader <= 2.1.1.3143 Array Overflow
10459| [17162] Microsoft Reader <= 2.1.1.3143 Integer Overflow
10460| [17161] Microsoft Reader <= 2.1.1.3143 Heap Overflow
10461| [17160] Microsoft Reader <= 2.1.1.3143 Integer Overflow
10462| [14731] Microsoft Windows Movie Maker <= 2.6.4038.0 DLL Hijacking Exploit (hhctrl.ocx)
10463| [14723] Microsoft Power Point 2010 DLL Hijacking Exploit (pptimpconv.dll)
10464|
10465| OpenVAS (Nessus) - http://www.openvas.org:
10466| [902250] Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability
10467| [900125] Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability
10468| [801597] Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
10469| [801596] Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
10470| [801594] Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
10471| [800687] Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability
10472| [800577] Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
10473| [800343] Microsoft Word 2007 Sensitive Information Disclosure Vulnerability
10474| [103254] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
10475| [11992] Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
10476| [902931] Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
10477| [902678] Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
10478| [901210] Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)
10479|
10480| SecurityTracker - https://www.securitytracker.com:
10481| [1015347] Microsoft Windows 2000 Kernel APC Queue Bug Lets Local Users Gain Elevated Privileges
10482| [1013454] Microsoft Office InfoPath 2003 May Disclose System and Authentication Information to Remote Users
10483| [1013284] Microsoft Windows 2000 and XP Group Policy Can Be Bypassed By Microsoft Office Applications and By Flash Drives
10484| [1010687] Microsoft Windows 2000/NT POSIX Subsystem Buffer Overflow Lets Local Users Gain Elevated Privileges
10485| [1010352] Microsoft Windows 2000 Domains With Eight Characters May Let Remote Users With Expired Passwords Login
10486| [1010189] Microsoft Outlook 2003 Scripting Restrictions Can Be Bypassed By Remote Users
10487| [1010125] Microsoft Outlook 2003 Lets Remote Users Send E-mail to Cause the Recipient's Client to Contact a Remote Server
10488| [1009767] Microsoft Windows 2000 Domain Controller LDAP Flaw May Let Remote Users Restart the Authentication Service
10489| [1008324] Microsoft Exchange 2003 With Outlook Web Access and Windows SharePoint Services May Grant Incorrect E-mail Account Access to Remote Authenticated Users
10490| [1007905] Microsoft Windows Server 2003 Shell Folders Can Be Referenced Using Directory Traversal Characters
10491| [1007238] Microsoft Outlook Web Access Can Be Crashed By Remote Authenticated Users With an Outlook 2003 Client
10492| [1007152] Microsoft Windows 2000 Accessibility Utility Manager Lets Local Users Gain Elevated Privileges
10493| [1007099] Microsoft Windows 2000 ShellExecute() Buffer Overflow May Let Users Execute Arbitrary Code
10494| [1007093] Microsoft Active Directory Stack Overflow in 'Lsaas.exe' Lets Remote Users Crash the Windows 2000 Server
10495| [1006959] Microsoft Windows Server 2003 Drivers May Leak Information From Memory Via Ethernet Packets Containing TCP Streams
10496| [1006580] Microsoft Windows 2003 'win2k.sys' Printing Bug Lets Users Crash the System
10497| [1006534] Microsoft Proxy Service in Proxy Server 2.0 Has Unspecified Flaw That Lets Remote Users Stop Traffic
10498| [1006286] Microsoft Windows 2000/XP PostMessage() API Flaw May Let Local Users Grab Passwords from Local Dialog Boxes
10499| [1006280] Protegrity Secure.Data for Microsoft SQL Server 2000 Contains Buffer Oveflows That Let Remote Users Execute Arbitrary Code
10500| [1005254] Microsoft NT, 2000, and XP Operating Systems May Execute a 16-bit Application Even When The File Has No Execute Permissions
10501| [1005068] Microsoft NTFS Filesystem in Windows NT and Windows 2000 Has Auditing Hole That Lets Local Users Access Files Without the File Access Being Audited
10502| [1004587] Microsoft SQL Server 2000 Buffer Overflow in OpenDataSource() Function May Let Remote Users Gain SYSTEM Privileges on the Server
10503| [1004528] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains an Input Validation Flaw in an XML SQL Tag That Allows Cross-Site Scripting Attacks
10504| [1004527] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains a Buffer Overflow That Lets Remote Users Take Full Control of the System
10505| [1004407] Microsoft Exchange 2000 Flaw in Processing a Certain Malformed SMTP Command Allows Remote Users to Deny Service to the Server
10506| [1004357] Microsoft Windows Debugging Facility for Windows NT4 and 2000 Has Authentication Hole That Lets Local Users Execute Arbitrary Code with SYSTEM Privileges
10507| [1004083] Microsoft Windows 2000 'microsoft-ds' Service Flaw Allows Remote Users to Create Denial of Service Conditions By Sending Malformed Packets
10508| [1004022] Microsoft Windows 2000 Group Policy Object Enforcement Can Be Circumvented if User License Limits are Exceeded
10509| [1003975] Microsoft Windows NT, 2000, and XP Kernel Buffer Overflow in Processing Multiple UNC Provider (MUP) Requests May Let Local Users Obtain System Level Privileges
10510| [1003949] Microsoft Windows 2000 DCOM Implementation Flaw May Disclose Memory Contents to Remote Users
10511| [1003816] Microsoft Windows 2000 Automatic Log Off Policy Fails to Expire Sessions in Progress
10512| [1003688] Microsoft Exchange Server 2000 Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
10513| [1003687] Microsoft Windows 2000 and Windows XP SMTP Service Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
10514| [1003634] Microsoft XML Core Services in SQL Server 2000 Lets Remote Scripts Access and Send Local Files
10515| [1003629] Microsoft Commerce Server 2000 AuthFilter Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server With LocalSystem Privileges to Gain Full Control of the Server
10516| [1003472] Microsoft Telnet Server for Windows 2000 and for Interix Has a Buffer Overflow That May Let Remote Users Execute Code on the Server with System Level Privileges
10517| [1003469] Microsoft Exchange 2000 Server Allows Remote Users to View and Possibly Modify Registry Settings
10518| [1003402] Microsoft Windows NT 4.0 and Windows 2000 Domain Controllers May Give Elevated Privileges to Remote Users Who Are Valid Administrators on Other Trusted Domains
10519| [1002922] Microsoft Windows 2000 Internet Key Exchange (IKE) Service Can Be Crashed By Remote Users
10520| [1002754] Terminal Services on Microsoft Windows 2000 and XP Allow Remote Users to Log Bogus IP Addresses Instead of the User's Genuine Address
10521| [1002731] Microsoft Windows 2000 RunAs Service May Disclose Authentication Credentials to Local Users
10522| [1002730] Microsoft Windows 2000 RunAs Utility May Disclose Sensitive Information to Local Users
10523| [1002729] Microsoft Windows 2000 RunAs Service Allows Local Users to Disable the Service
10524| [1002356] Microsoft Outlook 2000 Animated Assistant Prevents the Screen Saver from Activating, Allowing Physically Local Users to Access the System
10525| [1002206] Microsoft Internet Security and Acceleration (ISA) Server 2000 Can Be Disrupted By Remote Users Due to Memory Leaks and Also Allows Cross-Site Scripting Attacks
10526| [1002106] Microsoft Windows 2000 and Windows NT 4.0 RPC Input Validation Failure Lets Remote Users Destabilize the Operating System
10527| [1002099] Microsoft Windows 2000 Telnet Service Can Be Crashed By Remote Users
10528| [1002098] Windows Terminal Services in Microsoft Windows 2000 and NT 4.0 Can Be Crashed By Remote Users Due to a Memory Leak
10529| [1001993] Microsoft Windows 2000, Linux 2.4, NetBSD, FreeBSD, and OpenBSD May Let Remote Users Affect TCP Performance
10530| [1001931] Microsoft Windows 2000 SMTP Service May Allow Unauthorized Remote Users to Relay E-mail via the Service
10531| [1001832] Microsoft Windows 2000 LDAP Server Lets Remote Users Gain Administrator Access to the Domain Controller When Configured to Support LDAP over SSL
10532| [1001701] Microsoft Windows 2000 Telnet Server Allows Local Users to Gain System-Level Privileges and Lets Remote Users Crash the Server
10533| [1001605] Microsoft Windows 2000 Allows Local Users to Elevate Privileges
10534| [1001565] Microsoft IIS Web Server on Windows 2000 Allows Remote Users to Cause the Server to Consume All Available Memory Due to Memory Leak in WebDAV Lock Method
10535| [1001513] Microsoft Windows 2000 Indexing Service Allows Remote Users to View Include Programming Files
10536| [1001501] Microsoft Windows 2000 Domain Controllers Can Be Effectively Halted By Remote Users
10537| [1001464] Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server
10538| [1001240] Microsoft FTP Client for Windows 2000 Still Vulnerable to Executing Arbitrary Code in Limited Situations
10539| [1001088] Microsoft Internet Explorer with Services for Unix 2.0 Can Create Malicious Files on the User's Host
10540|
10541| OSVDB - http://www.osvdb.org:
10542| [90257] Microsoft Windows Server 2003 ICACLS.EXE Permission Inheritance Weakness
10543| [86790] Microsoft Virtual PC 2007 Crafted x86 Instruction Sequence Handling Local DoS
10544| [86061] Microsoft Windows Server 2008 R1 CSRSS ReadConsole / CloseHandle Local DoS
10545| [79442] Microsoft Windows Server 2008 DNS Server Service Cache Update Policy Deleted Domain Name Resolving Weakness
10546| [72670] Microsoft Windows Server 2003 ActiveDirectory BROWSER ELECTION Remote Overflow
10547| [68554] Microsoft Windows Server 2008 Shared Cluster Disks Addition Default Permission Weakness
10548| [62251] Microsoft Windows Server 2008 Hyper-V Crafted Instruction Sequence DoS
10549| [60329] Microsoft Windows 2000 NetBIOS Continuation Packet Remote DoS
10550| [59733] Microsoft Windows 2000 Terminal Services Screensaver Screen Minimization Locking Weakness
10551| [59731] Microsoft Windows 2000 DCOM Client Alter Context Request Remote Information Disclosure
10552| [59730] Microsoft Windows 2000 Terminal Services Disconnect Feature Local Privilege Escalation
10553| [59514] Microsoft Windows 2000 Task Manager Uppercase Process Name Termination Weakness
10554| [59509] Microsoft Windows 2000 Encrypted File System Cleartext Backup File Local Disclosure
10555| [59346] Microsoft Windows 2000 Crafted TCP/UDP Traffic CPU Consumption Remote DoS
10556| [55836] Microsoft ISA Server 2006 Radius OTP Security Bypass
10557| [53663] Microsoft Office Word 2000 WordPerfect 6.x Converter Document Handling Stack Corruption
10558| [50589] Microsoft SQL Server 2000 sp_replwritetovarbin() Stored Procedure Overflow
10559| [37629] Microsoft Windows 2000 RPC Authentication Unspecified Information Disclosure
10560| [37628] Microsoft Windows 2000 RPC Authentication Crafted Request Remote DoS
10561| [36034] Microsoft Office 2000 Controllo ActiveX (OUACTRL.OCX) HelpPopup Method Overflow
10562| [34489] Microsoft Office 2003 Malformed WMF File Handling DoS
10563| [34488] Microsoft Excel 2003 XLS Handling Corrupt Format DoS
10564| [31251] Microsoft Office 2003 Brazilian Portuguese Grammar Checker Arbitrary Code Execution
10565| [29529] Microsoft Windows 2000 creator.dll ActiveX COM Object Memory Corruption
10566| [29528] Microsoft Windows 2000 msdxm.ocx ActiveX COM Object Memory Corruption
10567| [29527] Microsoft Windows 2000 myinfo.dll ActiveX COM Object Memory Corruption
10568| [29526] Microsoft Windows 2000 ciodm.dll ActiveX COM Object Memory Corruption
10569| [28539] Microsoft Word 2000 Unspecified Code Execution
10570| [24121] Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass
10571| [24081] Microsoft Outlook 2003 Unspecified Malformed Word Attachment DoS
10572| [23484] Microsoft SQLServer 2000 sp_addalias Procedure Privileged Alias Creation
10573| [23234] Microsoft SQLServer 2000 Unspecified Invalid Client Buffer DoS
10574| [23231] Microsoft SQL Server 2000 SQL Profiler Multiple Method DoS
10575| [23205] Microsoft SQLServer 2000 Crafted Sort Command User Mode Scheduler (UMS) Bypass DoS
10576| [23203] Microsoft SQL Server 2000 Database Name Transact-SQL Statement Privilege Escalation
10577| [23202] Microsoft SQLServer 2000 sysmembers Virtual Table Query Overflow
10578| [23201] Microsoft SQL Server 2000 Dynamic Transact-SQL Statement Disclosure
10579| [23200] Microsoft SQLServer 2000 Encrypted Stored Procedure Dynamic Query Disclosure
10580| [21907] Microsoft Office InfoPath 2003 Mshtml.dll Form Handling DoS
10581| [21598] Microsoft Windows 2000 NetBIOS Port Malformed TCP Packet Parsing Remote DoS
10582| [20256] Microsoft Windows 2000 NTFS Volume Macintosh Client Directory Permission Modification
10583| [20222] Microsoft Windows 2000 runas.exe Named Pipe Spoofing Information Disclosure
10584| [20221] Microsoft Windows 2000 runas.exe Named Pipe Single Thread DoS
10585| [20220] Microsoft Windows 2000 runas.exe Cleartext Authentication Information Disclosure
10586| [20002] Microsoft Windows 2000 CHKDSK Fix Mode File ACL Failure
10587| [20001] Microsoft Windows 2000 Terminal Service Client Connection IP Logging Failure
10588| [20000] Microsoft Windows 2000 Domain Administrator Computer Lock Bypass
10589| [19999] Microsoft Windows 2000 FQDN Domain Login Password Expiry Bypass
10590| [19998] Microsoft Windows 2000 UPN Credentialed Login Group Policy Failure
10591| [19997] Microsoft Windows 2000 WideCharToMultiByte Function String Termination Issue
10592| [19996] Microsoft Windows 2000 Event ID 1704 Group Policy Failure
10593| [19995] Microsoft Windows 2000 SECEDIT Long Folder ACL Set Issue
10594| [19994] Microsoft Windows 2000 audit directory service access 565 Event Logging Failure
10595| [19993] Microsoft Windows 2000 LDAPS CA Trust Issue
10596| [19264] Microsoft Exchange Server 2003 Crafted IMAP4 Folder Listing Request DoS
10597| [17031] Microsoft ISA Server 2000 SecureNAT Traffic Saturation DoS
10598| [15343] Microsoft Windows Server 2003 Malformed HTTP Cookie Header CGI DoS
10599| [15341] Microsoft Windows Server 2003 SMB Redirector Processing DoS
10600| [15340] Microsoft Windows Server 2003 Terminal Service Client Print DoS
10601| [15338] Microsoft Windows Server 2003 Terminal Session Close DoS
10602| [15337] Microsoft Windows Server 2003 CreateProcessWithLogonW() Function Process Disclosure
10603| [15336] Microsoft Windows Server 2003 Shutdown.exe Shut Down Failure
10604| [15335] Microsoft Windows Server 2003 MIT Kerberos Realm Authentication Group Policy Failure
10605| [15334] Microsoft Windows Server 2003 Shared Folder Permission Weakness
10606| [15333] Microsoft Windows Server 2003 EFS File Copy LDAP Connection DoS
10607| [15332] Microsoft Windows Server 2003 Citrix Metaframe Encryption Policy Failure
10608| [15331] Microsoft Windows Server 2003 Home Folder Path Permission Inheritance Failure
10609| [14617] Microsoft Exchange Server 2003 Folder Handling DoS
10610| [14430] Microsoft Commerce Server 2000 Profile Service Affected API Overflow
10611| [13996] Microsoft Windows 2000 IKE Malformed Packet Saturation Remote DoS
10612| [13762] Microsoft 2000 Domain Controller Directory Service Restore Mode Blank Password
10613| [13761] Microsoft Exchange 2000 Malformed URL Request DoS
10614| [13475] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution Variant
10615| [13474] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution
10616| [13441] Microsoft Windows 2000 Security Interface Change Password Option Account Enumeration
10617| [13437] Microsoft Windows 2000 Debug Register Local Privilege Escalation
10618| [13424] Microsoft Windows 2000 Current Password Change Policy Bypass
10619| [13423] Microsoft Windows 2000 Terminal Server SYSVOL Share Connection Saturation Restriction Bypass
10620| [13415] Microsoft Windows 2000 System Root Folder Search Path Permission Weakness
10621| [13410] Microsoft Windows 2000 Accessibility Utility Manager Arbitrary Code Execution
10622| [11958] Microsoft Outlook 2003 Image Rendering Security Policy Bypass
10623| [11945] Microsoft Outlook 2002 IFRAME Tag Embedded URL
10624| [11944] Microsoft Outlook 2002 HREF Tag Embedded JavaScript Execution
10625| [11750] Microsoft Windows 2000 Message Queue Manager Queue Registration Request Overflow DoS
10626| [11712] Microsoft ISA Server 2000 H.323 Filter Overflow
10627| [10633] Microsoft Windows 2000 Protected Store Weak Encryption Default
10628| [9386] Microsoft Windows 2000 msinfo32.exe msinfo_file Variable Overflow
10629| [8243] Microsoft SMS Port 2702 DoS
10630| [7202] Microsoft PowerPoint 2000 File Loader Overflow
10631| [7179] Microsoft Windows 2000 Event Viewer Snap-in Overflow
10632| [6971] Microsoft ISA Server 2000 ICMP Rule Bypass During Startup
10633| [6970] Microsoft ISA Server 2000 Web Publishing Unencrypted Credentials Disclosure
10634| [6969] Microsoft ISA Server 2000 Invalid DNS Request DoS
10635| [6968] Microsoft ISA Server 2000 FTP Port Scan Bounce Weakness
10636| [6967] Microsoft ISA Server 2000 UDP Packet Winsock DoS
10637| [6965] Microsoft ISA Server 2000 SSL Packet DoS
10638| [6964] Microsoft ISA Server 2000 DNS Intrusion Detection Filter DoS
10639| [6515] Microsoft Windows 2000 Domain Expired Account Authentication
10640| [5179] Microsoft Windows 2000 microsoft-ds DoS
10641| [5171] Microsoft Word 2002 Mail Merge Tool Execute Arbitrary Script
10642| [4779] Microsoft Desktop Engine (MSDE) 2000 Stored Procedure SQL Injection
10643| [4778] Microsoft SQL Server 2000 Stored Procedure SQL Injection
10644| [4777] Microsoft Desktop Engine (MSDE) 2000 Database Consistency Checkers (DBCCs) Overflow
10645| [4776] Microsoft SQL Server 2000 Database Consistency Checkers (DBCCs) 2000 Overflow
10646| [4170] Microsoft Windows 2000 Server Media Services TCP Packet Handling Remote DoS
10647| [4168] Microsoft Outlook 2002 mailto URI Script Injection
10648| [3490] Microsoft Exchange 2003 OWA Mailbox Access Information Disclosure
10649| [2705] Microsoft Windows 2000 Windows Troubleshooter ActiveX Overflow
10650| [2655] Microsoft Windows Server 2003 Shell Folders Arbitrary File Access
10651| [2540] Microsoft Windows 2003 Server Buffer Overflow Protection Mechanism Bypass
10652| [2244] Microsoft Windows 2000 ShellExecute() API Let
10653| [2237] Microsoft Windows 2000 Active Directory Lsass.exe Overflow
10654| [1949] Symantec Norton Anti-Virus for Microsoft Exchange 2000 INBOX Path Information Disclosure
10655| [1764] Microsoft Windows 2000 Domain Controller DoS
10656| [1758] Microsoft Windows 2000 Network DDE Escalated Privileges
10657| [1755] Microsoft Windows 2000 RDP Malformed Packet Handling Remote DoS
10658| [1672] Microsoft Windows 2000 Telnet Session Timeout DoS
10659| [1633] Microsoft Windows 2000 System Monitor ActiveX LogFileName Parameter Validation Overflow
10660| [1621] Microsoft Indexing Services for Windows 2000 .htw XSS
10661| [1591] Microsoft Windows 2000 OEMPreinstall Installation Permission Weakness
10662| [1578] Microsoft Windows 2000 Simplified Chinese IME Local Privilege Escalation
10663| [1500] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow
10664| [1437] Microsoft Windows 2000 Telnet Server Binary Zero Parsing Remote DoS
10665| [1399] Microsoft Windows 2000 Windows Station Access
10666| [1328] Microsoft Office 2000 UA Control ActiveX (Ouactrl.ocx) Show Me Function Remote Code Execution
10667| [1297] Microsoft Windows 2000 Active Directory Object Attribute
10668| [1292] Microsoft Windows NT 4.0 / 2000 cmd.exe Buffer Overflow
10669| [773] Microsoft Windows 2000 Group Policy File Lock DoS
10670| [515] Microsoft Windows 2000 LDAP Server Arbitrary User Password Modification
10671| [454] Microsoft Windows 2000 NTLM Domain Account Lockout Policy Bypass
10672| [403] Microsoft Windows 2000 Still Image Service WM_USER Message Local Overflow
10673| [398] Microsoft Windows 2000 Malformed RPC Traffic Local Security Policy Corruption DoS
10674| [307] Microsoft FrontPage 2000 Server Extensions shtml.exe Path Disclosure
10675| [69085] Microsoft Office 2010 RTF File Handling pFragments Buffer Overflow Arbitrary Code Execution
10676|_
139/tcp closed netbios-ssn
443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
10679|_http-server-header: Microsoft-HTTPAPI/2.0
10680| vulscan: VulDB - https://vuldb.com:
10681| [141625] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 DirectX memory corruption
10682| [141624] Microsoft Windows 7 SP1/Server 2008 R2 SP1 Graphics Component information disclosure
10683| [139966] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel information disclosure
10684| [139923] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Graphics Component information disclosure
10685| [139905] Microsoft Windows Server 2008 SP2 DHCP Server memory corruption
10686| [137573] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
10687| [137567] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
10688| [137566] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
10689| [137565] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
10690| [137564] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
| [136343] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
| [136342] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
| [136341] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
| [136316] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
| [136315] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
| [136313] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
| [136311] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
| [136309] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
| [136302] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
| [136298] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
| [136297] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k memory corruption
| [131683] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k memory corruption
| [131642] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Active Directory privilege escalation
| [127822] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2012 Kernel information disclosure
| [125103] Microsoft Windows Server 2008 SP2 Graphics Component information disclosure
| [123853] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel Memory information disclosure
| [122858] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 LNK memory corruption
| [122833] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI+ memory corruption
| [121109] Microsoft Wireless Display Adapter V2 2.0.8350/2.0.8365/2.0.8372 privilege escalation
| [120449] Microsoft Forefront Unified Access Gateway 2000 InitParams.aspx Parameter Server-Side Request Forgery
| [119469] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel privilege escalation
| [116015] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 memory corruption
| [114563] Microsoft Office 2007 SP3/2010 SP2/2013/2013 RT SP1 memory corruption
| [114528] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI privilege escalation
| [114524] Microsoft ASP.NET Core 2.0 denial of service
| [114523] Microsoft ASP.NET Core 2.0 Kestrel Web Application privilege escalation
| [113257] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
| [113256] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
| [113255] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
| [113247] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
| [113246] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
| [113245] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2012 EOT Font Engine information disclosure
| [113244] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
| [113235] Microsoft Outlook 2007 SP3/2010 SP2/2013 SP1/2016 privilege escalation
| [113234] Microsoft Office 2007 SP2/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [113216] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [112285] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
| [112284] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
| [112283] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
| [112282] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
| [111578] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
| [111577] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
| [111576] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
| [111575] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
| [111574] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
| [111573] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
| [111572] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
| [111570] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
| [111568] Microsoft Excel 2007/2010/2013/2016 memory corruption
| [111566] Microsoft Word 2007/2010/2013/2016 memory corruption
| [111565] Microsoft Word 2007/2010/2013 Email Message memory corruption
| [111563] Microsoft Outlook 2007/2010/2013/2016 Email Message privilege escalation
| [111347] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Color Management Icm32.dll information disclosure
| [109388] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 memory corruption
| [109387] Microsoft ASP.NET Core 2.0 privilege escalation
| [109386] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [109385] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Security Feature Macro privilege escalation
| [109381] Microsoft Office/Word 2007 SP3/2010 SP2 memory corruption
| [107703] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [106530] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [106528] Microsoft PowerPoint 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [106515] Microsoft Publisher 2007 SP3/2010 SP2 memory corruption
| [106497] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Uniscribe memory corruption
| [106476] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [106475] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [105051] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Font Library privilege escalation
| [105032] Microsoft Internet Explorer 9/10 on Server 2008/Server 2012 memory corruption
| [102513] Microsoft Windows Server 2003 SP2/XP SP3 OLE olecnv32.dll privilege escalation
| [102512] Microsoft Windows Server 2003 SP2/XP SP3 rpc privilege escalation
| [102511] Microsoft Windows Server 2003 SP2/XP SP3 RDP EsteemAudit privilege escalation
| [102447] Microsoft PowerPoint/SharePoint Server 2007 SP3 privilege escalation
| [102444] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
| [102442] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Bypass privilege escalation
| [102441] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [102401] Microsoft Windows 7 SP1/Server 2008 R2 SP1 GDI USP10!NextCharInLiga Uniscribe Font information disclosure
| [101491] Microsoft Windows up to XP SP3/Server 2003 SP2 Remote Desktop Protocol gpkcsp.dll memory corruption
| [101017] Microsoft Office 2007 SP3/2010 SP2/2016 memory corruption
| [101012] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1/2016 memory corruption
| [101011] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 ActiveX Object Memory memory corruption
| [100854] Microsoft Windows Server 2003 SP2 RRAS ERRATICGOPHER memory corruption
| [99904] Microsoft Windows Server 2003 SP2/XP SP3 SmartCard Authentication RDP Packet EsteemAudit privilege escalation
| [99698] Microsoft OneNote 2007 SP3/2010 SP2 DLL Loader privilege escalation
| [99684] Microsoft Excel 2007 SP3/2010 SP2 Memory information disclosure
| [99654] Microsoft Outlook 2007 SP3/2010 SP2/2011/2013 SP1/2016 Email Message privilege escalation
| [99653] Microsoft Outlook 2007 SP3/2010 SP2/2011/2013 SP1/2016 Email Message privilege escalation
| [99533] Microsoft Office 2007/2010/2013/2016 RTF Document Necurs Dridex memory corruption
| [98561] Microsoft IIS 6.0 on Windows Server 2003 WebDAV ScStoragePathFromUrl Long Header memory corruption
| [98092] Microsoft SharePoint Server 2007 SP3 memory corruption
| [98088] Microsoft SharePoint Server 2007 SP3 memory corruption
| [98087] Microsoft Office 2007 SP3/2010 SP2 memory corruption
| [98086] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [98085] Microsoft Excel 2007 SP3 memory corruption
| [98084] Microsoft Word 2007 SP3/2010 SP2/2011 memory corruption
| [98083] Microsoft Word 2007 SP3/2010 SP2/2011 memory corruption
| [98078] Microsoft Word/Excel 2007 SP3 memory corruption
| [98072] Microsoft Office 2007 SP3/2010 SP2/Word Viewer Graphics Component privilege escalation
| [98071] Microsoft Office 2007 SP3/2010 SP2/Word Viewer GDI+ information disclosure
| [98070] Microsoft Office 2007 SP3/2010 SP2/Word Viewer GDI+ information disclosure
| [94450] Microsoft Office 2007 SP3/2010 SP2/2011 memory corruption
| [94449] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1 information disclosure
| [94448] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1 information disclosure
| [94445] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 information disclosure
| [94441] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
| [94440] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [94439] Microsoft Office 2007 SP3/2011 privilege escalation
| [94438] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
| [93542] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 memory corruption
| [93541] Microsoft Office 2007 SP3 denial of service
| [93539] Microsoft Office 2007/2010 SP2/2011 memory corruption
| [93538] Microsoft Office 2007/2010 SP2/2011/2013 SP1 memory corruption
| [93537] Microsoft Office 2007/2010 SP2/2011 memory corruption
| [93396] Microsoft Office 2007/2010/2011 memory corruption
| [93395] Microsoft Office 2007/2010/2011 memory corruption
| [93394] Microsoft Office 2007/2010 memory corruption
| [92596] Microsoft Windows 7 SP1/Server 2008 R2/Server 2008 SP2/Vista SP2 Internet Messaging API File information disclosure
| [91554] Microsoft Exchange 2007/2010/2013/2016 Email information disclosure
| [91553] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
| [91552] Microsoft Office 2007/2010/2013/2013 RT/2016 spoofing
| [91551] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
| [91549] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
| [91548] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
| [91546] Microsoft Office 2007/2010/2013/2013 RT memory corruption
| [91545] Microsoft Office 2007/2010 memory corruption
| [91544] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
| [91542] Microsoft Office 2007/2010/2013/2013 RT/2016 information disclosure
| [90707] Microsoft OneNote 2007/2010/2013/2013 RT/2016 information disclosure
| [90706] Microsoft Office 2007/2010/2013/2013 RT Graphics memory corruption
| [90705] Microsoft Office 2007/2010/2011 memory corruption
| [90703] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
| [89039] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
| [89034] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
| [87960] Microsoft Windows Server 2008 R2/Server 2012/Server 2012 R2 Active Directory denial of service
| [87955] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
| [87954] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
| [87953] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
| [87939] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 OLE DLL memory corruption
| [87938] Microsoft Office 2007 SP3/2010 SP2/2011 information disclosure
| [87937] Microsoft Office 2007 SP3/2010 SP2/2011 memory corruption
| [87935] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript memory corruption
| [87934] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript memory corruption
| [87933] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript memory corruption
| [87147] Microsoft Office 2007/2010 memory corruption
| [87145] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
| [87144] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
| [82228] Microsoft Excel 2007 SP3/2010 SP2 Office Document memory corruption
| [82225] Microsoft Word 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
| [82224] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
| [81273] Microsoft Office 2007/2010/2013/2016 memory corruption
| [81272] Microsoft Office 2007/2010/2013 memory corruption
| [81265] Microsoft Windows Server 2008/Vista SP2 Library Loader memory corruption
| [80872] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [80871] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [80869] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [79506] Microsoft Windows 7/Server 2008/Server 2008 R2/Vista Library Loader memory corruption
| [79505] Microsoft Office 2007 memory corruption
| [79504] Microsoft Office 2007/2010/2013/2016 memory corruption
| [79503] Microsoft Office 2007/2010/2013 memory corruption
| [79502] Microsoft Office 2007/2010/2011 memory corruption
| [79501] Microsoft Office 2007/2010 memory corruption
| [79499] Microsoft Windows 7/Server 2008 R2 Uniscribe memory corruption
| [79493] Microsoft Windows Server 2008/Vista Graphics memory corruption
| [79190] Microsoft Word 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
| [79189] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
| [79187] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 Sandbox privilege escalation
| [79167] Microsoft Windows 7/Server 2008/Server 2008 R2/Vista Journal memory corruption
| [78372] Microsoft Visio 2007 SP3/2010 SP2 UML Data memory corruption
| [78371] Microsoft SharePoint Server 2007 SP3/2010 SP2 InfoPath Forms Services XXE information disclosure
| [77646] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 EPS Image memory corruption
| [77629] Microsoft Excel 2007 SP3/2010 SP2/2011/2016 Office Document memory corruption
| [77627] Microsoft Excel 2007 SP3/2010 SP2 Office Document memory corruption
| [77626] Microsoft Excel 2007 SP3/2010 SP2/2011/2016 Office Document memory corruption
| [77617] Microsoft Office 2007 SP3/2010 SP2 OpenType Font memory corruption
| [77252] Microsoft Office 2007 SP3/2010 SP2 Office Graphics Library Font memory corruption
| [77038] Microsoft Windows Server 2008 SP2 UDDI Services cross site scripting
| [76497] Microsoft PowerPoint 2007 SP3/2010 SP2/2013 SP1 Office Document memory corruption
| [76491] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
| [76467] Microsoft Word 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
| [76466] Microsoft Word 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
| [76464] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
| [76463] Microsoft Excel 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
| [76449] Microsoft Windows 8/8.1/Server 2008/Server 2012/Server 2012 R2 Hyper-V memory corruption
| [76440] Microsoft SQL Server 2008/2008 R2/2012/2014 Virtual Function Uninitialized Memory memory corruption
| [76439] Microsoft SQL Server 2008/2008 R2/2012/2014 Uninitialized Memory memory corruption
| [76438] Microsoft SQL Server 2008/2008 R2/2012/2014 Pointer Casting privilege escalation
| [75783] Microsoft Windows Server 2008/Server 2012 Active Directory Federation Services cross site scripting
| [75338] Microsoft SharePoint 2007/2010/2013 Content privilege escalation
| [75337] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
| [75336] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
| [74845] Microsoft Office 2007/2010/2013 Document Use-After-Free memory corruption
| [74844] Microsoft Office 2007/2010 Document Use-After-Free memory corruption
| [74837] Microsoft Office 2007/2010/2011/2013 RTF Document Use-After-Free privilege escalation
| [73979] Microsoft Exchange Server 2003 CU7/2003 SP1 Meeting privilege escalation
| [73978] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
| [73977] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
| [73976] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
| [73975] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
| [73964] Microsoft SharePoint 2007/2010/2013 cross site scripting
| [69158] Microsoft Office 2007/2010/2013 Use-After-Free memory corruption
| [69157] Microsoft Office 2007/2010/2013 OneTableDocumentStream memory corruption
| [68416] Microsoft Exchange 2007/2010/2013 Outlook Web Access Token spoofing
| [68409] Microsoft Office 2007/2010/2013 Use-After-Free memory corruption
| [68408] Microsoft Excel 2007/2010/2013 memory corruption
| [68407] Microsoft Excel 2007/2010 memory corruption
| [68405] Microsoft Word 2007/2010 Index Use-After-Free memory corruption
| [68195] Microsoft Windows 7/Server 2003/Server 2008/Vista Input Method Editor Sandbox privilege escalation
| [68189] Microsoft Windows Server 2003 SP2 TCP/IP Stack Stack-Based memory corruption
| [68188] Microsoft Word 2007 File memory corruption
| [68187] Microsoft Word 2007 File memory corruption
| [68186] Microsoft Word 2007 File memory corruption
| [67829] Microsoft Office 2007/2010/2011 Object memory corruption
| [67825] Microsoft .NET Framework 2.0/3.5/3.5.1 ASLR privilege escalation
| [71337] Microsoft Office 2000/2004/XP memory corruption
| [67355] Microsoft OneNote 2007 File Processing privilege escalation
| [67354] Microsoft SQL Server 2008 R2 SP2/2008 SP3/2012 SP1/2014 SQL Master Data Services cross site scripting
| [67353] Microsoft SQL Server 2008 R2 SP2/2008 SP3/2012 SP1/2014 T-SQL Query Stack-Based memory corruption
| [67018] Microsoft Windows Server 2008/Server 2012/Server 2012 R2 Service Bus AMQP Message denial of service
| [13545] Microsoft Word 2007 Embedded Font memory corruption
| [13397] Microsoft Windows 2000/Server 2003/XP DHCP Response DHCP ACK spoofing
| [13462] Microsoft Visual Studio 2002/2003/2005/2010 Debug Interface msdia.dll PDB File memory corruption
| [13229] Microsoft Office 2007/2010/2013 Common Control Library MSCOMCTL.OCX privilege escalation
| [13227] Microsoft Office 2007/2010/2013 Chinese Grammar Checker Library privilege escalation
| [13226] Microsoft SharePoint Server 2007/2010/2013 Page memory corruption
| [13225] Microsoft SharePoint Server 2007/2010/2013 cross site scripting
| [13224] Microsoft SharePoint Server 2007/2010/2013 Page memory corruption
| [12859] Microsoft Word 2003 Office Document Stack-Based memory corruption
| [12852] Microsoft Publisher 2003/2007 Publisher File pubconv.dll memory corruption
| [12845] Microsoft Word 2003 Office File Stack-Based memory corruption
| [12844] Microsoft Word 2007/2010 Office File memory corruption
| [12843] Microsoft Office 2007/2010/2011/2013 XML Parser Nested Entities Memory Consumption denial of service
| [12687] Microsoft Word/Office/Outlook 2003/2007/2010/2013 RTF Document memory corruption
| [12530] Microsoft Windows Server 2003/Server 2008/Server 2012/Vista/XP Security Account Manager Lockout privilege escalation
| [12266] Microsoft .NET Framework 2.0 SP2/3.5.1 ASLR Bypass privilege escalation
| [12070] Apple Pages 2.0/2.0.1/2.0.2/5.0/5.0.1 on Mac Microsoft Word Document memory corruption
| [11950] Microsoft Office Compability Pack/Word 2007 SP3 File memory corruption
| [11949] Microsoft Word Viewer/Office Compatibility Pack/Word 2003 SP3/2007 SP3 File memory corruption
| [11494] Microsoft .NET Framework 2.0 SP2/3.5.1/4/4.5/4.5.1 MAC Authentication privilege escalation
| [11448] Microsoft Office 2007/2010 Address Space Layout Randomization privilege escalation
| [11148] Microsoft Office 2003/2007 WordPerfect Document epsimp32.flt memory corruption
| [11146] Microsoft Office 2003/2007 epsimp32.flt memory corruption
| [11230] Microsoft Word 2003 DOC Document Embedded Image denial of service
| [11081] Microsoft Windows Server 2008/Vista TIFF Image memory corruption
| [10648] Microsoft Word 2007 Word File memory corruption
| [10647] Microsoft Word 2003 Word File memory corruption
| [10643] Microsoft SharePoint Server 2007/2010/2013 Input Sanitizer memory corruption
| [10642] Microsoft SharePoint Server 2007/2010 Content Display in Frames privilege escalation
| [10247] Microsoft SharePoint Server 2007/2010/2013 Online Cloud cross site scripting
| [10245] Microsoft Office 2003/2007/2010 Word File memory corruption
| [10244] Microsoft Office 2003 SP3 Word File memory corruption
| [10243] Microsoft Office 2003/2007 Word File memory corruption
| [10242] Microsoft Office 2007 Word File memory corruption
| [10241] Microsoft Office 2007 Word File memory corruption
| [10240] Microsoft Office 2003/2007/2010 Word File memory corruption
| [10239] Microsoft Office 2003/2007 Word File memory corruption
| [10238] Microsoft Excel 2003/2007 XML External Entity Data information disclosure
| [10237] Microsoft Excel 2003/2007/2010 XML External Entity Data information disclosure
| [10236] Microsoft Word/Office 2003/2007 XML External Entity Data information disclosure
| [10234] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
| [10232] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
| [10231] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
| [10230] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
| [10229] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
| [10228] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
| [10227] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
| [10192] Microsoft Windows 7/2000/Server 2003 SP2/Vista/XP SP3 Windows Theme File privilege escalation
| [10191] Microsoft Windows Server 2003/XP OLE Object privilege escalation
| [10190] Microsoft Windows 7/8/Server 2008/Vista Active Directory denial of service
| [10189] Microsoft Outlook 2007/2010 S/MIME privilege escalation
| [9941] Microsoft Windows Server 2003/XP Unicode Scripts Processor USP10.DLL Uniscribe Font memory corruption
| [9929] Microsoft Windows Server 2008/Server 2012 Active Directory Federation Services Unspecified Account information disclosure
| [9715] Microsoft PowerPoint 2007 DirectShow Runtime quartz.dll GetMaxSampleSize denial of service
| [9397] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Array privilege escalation
| [9394] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 on 64-bit Array memory corruption
| [9393] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Permission privilege escalation
| [8738] Microsoft Visio 2003 SP3/2007 SP3/2010 SP1 XML Parser File information disclosure
| [8737] Microsoft Word 2003 SP3 Shape Data Parser File memory corruption
| [8736] Microsoft Publisher 2003 SP3 PUB File memory corruption
| [8735] Microsoft Publisher 2003 SP3/2007 SP3/2010 SP1 PUB File memory corruption
| [8734] Microsoft Publisher 2003 SP3 PUB File memory corruption
| [8733] Microsoft Publisher 2003 SP3 PUB File memory corruption
| [8732] Microsoft Publisher 2003 SP3 PUB File memory corruption
| [8731] Microsoft Publisher 2003 SP3 PUB File memory corruption
| [8730] Microsoft Publisher 2003 SP3 PUB File memory corruption
| [8729] Microsoft Publisher 2003 SP3 PUB File memory corruption
| [8728] Microsoft Publisher 2003 SP3 PUB File memory corruption
| [8727] Microsoft Publisher 2003 SP3 PUB File memory corruption
| [8726] Microsoft Publisher 2003 PUB File Eingabe memory corruption
| [8723] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 XML File spoofing
| [7643] Microsoft Windows Server 2008 R2/Server 2012 NFS Server NULL Pointer Dereference denial of service
| [7642] Microsoft Exchange 2007/2010 Outlook Web Access vspdx.dll) privilege escalation
| [7641] Microsoft Windows Server 2003/Server 2008/Vista/XP DirectShow Quartz.dll memory corruption
| [8589] Microsoft System Center Operations Manager 2007 R2/2007 SP1 ViewTypeManager.aspx cross site scripting
| [7252] Microsoft System Center Operations Manager 2007 ExecuteTask.aspx cross site scripting
| [7251] Microsoft System Center Operations Manager 2007 cross site scripting
| [7248] Microsoft Windows 7/Server 2008 R2 Print Spooler privilege escalation
| [7121] Microsoft Exchange 2007/2010 RSS Feed denial of service
| [7118] Microsoft Windows Server 2008 R2/Server 2012 IP-HTTPS unknown vulnerability
| [62914] Microsoft Office 2003 SP3/2007 SP3/2008/2010 SP1/2011 Spreadsheet Use-After-Free memory corruption
| [7058] Microsoft Windows 7/Server 2008 R2 DHCPv6 Message denial of service
| [6935] Microsoft Office Excel 2003/2007/2010 Input Sanitizer File Stack-based memory corruption
| [6934] Microsoft Office Excel 2003/2007/2010 Input Sanitizer memory corruption
| [6933] Microsoft Office Excel 2003/2007/2010 SerAuxErrBar File memory corruption
| [6929] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Web Proxy Setting Auto-Discovery memory corruption
| [6927] Microsoft .NET Framework 2.0 SP2/3.5.1 Trusted Code Function information disclosure
| [6918] Microsoft Excel 2007 SP2 Input Sanitizer File memory corruption
| [6830] Microsoft Word 2007/2010 File memory corruption
| [6819] Microsoft Excel 2007 File memory corruption
| [6627] Microsoft Windows 7/Server 2008 R2 Kerberos denial of service
| [6626] Microsoft SharePoint/Lync/Infopath 2007/2010 HTML Sanitization cross site scripting
| [6621] Microsoft Word 2007 PAPX memory corruption
| [62239] Microsoft Systems Management Server 2003 Configuration Manager Reflected cross site scripting
| [5945] Microsoft Office 2007/2010 Computer Graphics Metafile memory corruption
| [5939] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Print Spooler Service memory corruption
| [5938] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Remote Administration Protocol netapi32.dll RAP Request denial of service
| [5933] Microsoft SQL Server 2000/2005/2008/2008 R2 Common Controls TabStrip ActiveX MSCOMCTL.OCX memory corruption
| [5932] Microsoft Office 2003/2007/2010 Common Controls TabStrip ActiveX MSCOMCTL.OCX memory corruption
| [5654] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP information disclosure
| [5653] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys memory corruption
| [5652] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys memory corruption
| [5650] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP memory corruption
| [5649] Microsoft Office 2003/2007/2010 libraries memory corruption
| [5645] Microsoft SharePoint 2007/2010/3.0 Reflected cross site scripting
| [5643] Microsoft SharePoint 2007/2010 information disclosure
| [5642] Microsoft SharePoint 2007 cross site request forgery
| [5553] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Font atmfd.dll denial of service
| [5524] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP memory corruption
| [5518] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 memory corruption
| [5362] Microsoft Office 2003/2007 GDI+ memory corruption
| [5291] Microsoft Visual Studio 2008 Incremental Linker link.exe ConvertRgImgSymToRgImgSymEx memory corruption
| [5268] Microsoft Office 2008 on Mac RTF Pfragment File memory corruption
| [5080] Microsoft SQL Server 2005/2008/2008R2 CREATE DATABASE sql injection
| [5050] Microsoft Office 2007 WPS Converter Heap-based memory corruption
| [5049] Microsoft SQL Server 2000/2005/2008 MSCOMCTL.OCX privilege escalation
| [5048] Microsoft Office 2003/2007/2010 MSCOMCTL.OCX privilege escalation
| [5046] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Windows Authenticode Signature Verification WinVerifyTrust Signature privilege escalation
| [4803] Microsoft Windows Server 2003/Server 2008 DNS Server Domain Resource Record Query Parser denial of service
| [4802] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Protocol denial of service
| [4798] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Service memory corruption
| [60205] Microsoft .NET Framework 2.0 SP2/3.5.1 Heap-based memory corruption
| [4642] Microsoft .NET Framework 2.0 SP2/3.5.1/4 XAML Browser Application memory corruption
| [60065] Microsoft Windows 2000 mod_sql unknown vulnerability
| [4535] Microsoft Windows Server 2003/XP Object Packager packager.exe privilege escalation
| [4534] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Line21 DirectShow Filter Quartz.dll/Qdvd.dll Media File memory corruption
| [4533] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Multimedia Library winmm.dll MIDI File memory corruption
| [4507] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 Forms Authentication privilege escalation
| [59666] Microsoft Publisher 2003/2007 "Publisher memory corruption
| [4482] Microsoft Word 2007/2010/2011 Document Parser memory corruption
| [4480] Microsoft Excel 2003 memory corruption
| [4478] Microsoft Windows Server 2003/XP OLE Objects Memory Management memory corruption
| [4477] Microsoft PowerPoint 2007 SP2/2008 OfficeArt Use-After-Free memory corruption
| [4474] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Active Directory Query memory corruption
| [4473] Microsoft PowerPoint 2007 SP2/2010 DLL-Loader memory corruption
| [4471] Microsoft Office 2003/2007 Publisher Out-of-Bounds memory corruption
| [4470] Microsoft Office 2003 SP3 memory corruption
| [4453] Microsoft Excel 2003 Record Parser memory corruption
| [4446] Microsoft Office 2007/2008 OfficeArt Record Parser memory corruption
| [4445] Microsoft Office 2007/2010/2011 Word Document Parser memory corruption
| [4438] Microsoft Windows 7/Server 2008/Vista TCP/IP Reference Counter denial of service
| [5358] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP TrueType Font Handling memory corruption
| [59005] Microsoft Host Integration Server 2004 denial of service
| [58492] Microsoft SharePoint Server 2007 Spreadsheet memory corruption
| [58491] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
| [58490] Microsoft Office Compatibility Pack 2007 Spreadsheet memory corruption
| [58489] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
| [58488] Microsoft Office 2007/2010 memory corruption
| [4412] Microsoft Office 2003/2007 Library Loader unknown vulnerability
| [4411] Microsoft Excel 2003 memory corruption
| [4409] Microsoft Windows Server 2003/Server 2008 WINS unknown vulnerability
| [58240] Microsoft Visio 2003/2007 memory corruption
| [58237] Microsoft Visio 2003/2007/2010 memory corruption
| [4396] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
| [4393] Microsoft Windows Server 2008 DNS Service memory corruption
| [4391] Microsoft .NET Framework 2.0 SP2/3.5.1/4 Socket Restriction privilege escalation
| [4390] Microsoft Windows Server 2008 Remote Desktop Web Access cross site scripting
| [4388] Microsoft Windows 7/Server 2008/Vista File Metadata Parser denial of service
| [57691] Microsoft SQL Server 2008 Web Service information disclosure
| [57690] Microsoft Excel 2002/2003 Spreadsheet memory corruption
| [57689] Microsoft Excel 2002 Spreadsheet memory corruption
| [57688] Microsoft Excel 2002 Spreadsheet memory corruption
| [57687] Microsoft Excel 2002/2003/2007 Spreadsheet memory corruption
| [57686] Microsoft Excel 2002 Spreadsheet memory corruption
| [57685] Microsoft Excel 2002/2003/2007 Array Access memory corruption
| [57684] Microsoft Excel 2002/2003/2007/2010 Spreadsheet memory corruption
| [4369] Microsoft Excel 2002/2003/2007 memory corruption
| [4367] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
| [4362] Microsoft Windows 7/Server 2008/Vista denial of service
| [57420] Microsoft PowerPoint 2002/2003 memory corruption
| [4349] Microsoft Office 2004/2007/2008 Presentation File Parser memory corruption
| [4348] Microsoft PowerPoint 2002/2003/2007 memory corruption
| [57077] Microsoft Excel 2002 Uninitialized Memory memory corruption
| [57078] Microsoft Office 2003/2007/Xp docx unknown vulnerability
| [57079] Microsoft PowerPoint 2002/2003/2007/2010 memory corruption
| [57076] Microsoft Excel 2002/2003 memory corruption
| [57075] Microsoft Excel 2002/2003 memory corruption
| [57074] Microsoft Excel 2002 memory corruption
| [57073] Microsoft Excel 2002/2003/2007/2010 memory corruption
| [4334] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 JIT Compiler memory corruption
| [4332] Microsoft PowerPoint 2007/2010 memory corruption
| [4301] Microsoft Windows Server 2003 SMB Browser Heap-based denial of service
| [56475] Microsoft Office 2004/2008 memory corruption
| [56414] Microsoft Visio 2002/2003/2007 ELEMENTS.DLL memory corruption
| [56413] Microsoft Visio 2002/2003/2007 Exception ORMELEMS.DLL memory corruption
| [4298] Microsoft Windows 7/Server 2008 JScript/VBScript Engine information disclosure
| [4297] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Compact Font Format Driver privilege escalation
| [4296] Microsoft Windows Server 2003/XP LSASS Authentication Request unknown vulnerability
| [4295] Microsoft Windows 7/Server 2008 Kerberos weak authentication
| [4294] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys unknown vulnerability
| [4293] Microsoft Windows Server 2003/XP Kerberos CRC32 Checksum privilege escalation
| [4292] Microsoft Windows Server 2003/XP CSRSS Logoff privilege escalation
| [4289] Microsoft Excel 2007 Shape Data Parser memory corruption
| [4286] Microsoft PowerPoint 2002 SP3/2003 SP3/2004/2007 SP2/2008 OfficeArt Container Parser memory corruption
11101| [4279] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP MHTML cross site scripting
11102| [56176] Microsoft Windows 7/Server 2003/XP fxscover.exe CDrawPoly::Serialize memory corruption
11103| [55772] Microsoft Publisher 2002 pubconv.dll memory corruption
11104| [55771] Microsoft Publisher 2002/2003/2010 memory corruption
11105| [55765] Microsoft Office 2003/Xp Integer memory corruption
11106| [55764] Microsoft Office 2003/Xp memory corruption
11107| [55750] Microsoft Publisher 2002/2003 pubconv.dll memory corruption
11108| [55749] Microsoft Publisher 2002/2003/2007/2010 pubconv.dll memory corruption
11109| [55748] Microsoft Publisher 2002/2003/2007 pubconv.dll memory corruption
11110| [4230] Microsoft Exchange 2007 on 64-bit RPC store.exe MAPI Request denial of service
11111| [4229] Microsoft SharePoint 2007 Document Conversion Launcher Service Eingabeungültigkeit
11112| [4228] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
11113| [4224] Microsoft Windows 7/Server 2008/Vista Consent User Interface privilege escalation
11114| [4231] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys GreEnableEUDC denial of service
11115| [55420] Microsoft Office 2007/2010 memory corruption
11116| [55419] Microsoft Office 2004/2008/2011/Xp memory corruption
11117| [55412] Microsoft PowerPoint Viewer 2007 memory corruption
11118| [55411] Microsoft PowerPoint 2002/2003 memory corruption
11119| [4204] Microsoft Windows Server 2008 Color Control Panel Eingabeungültigkeit
11120| [54995] Microsoft Office 2004/2008 memory corruption
11121| [54994] Microsoft Office 2004/2008 Out-of-Bounds memory corruption
11122| [54993] Microsoft Office Compatibility Pack 2007 memory corruption
11123| [54992] Microsoft Excel 2002 memory corruption
11124| [54991] Microsoft Office 2004 Future memory corruption
11125| [54990] Microsoft Office 2004 memory corruption
11126| [54989] Microsoft Office 2004/2008 memory corruption
11127| [54988] Microsoft Excel 2002 memory corruption
11128| [54987] Microsoft Excel 2002 memory corruption
11129| [54986] Microsoft Excel 2002/2003 memory corruption
11130| [54985] Microsoft Office Compatibility Pack 2003/2004/2007/2008 memory corruption
11131| [54984] Microsoft Office 2004/2008 memory corruption
11132| [54983] Microsoft Excel 2002 Integer memory corruption
11133| [54980] Microsoft Word 2002/2003 memory corruption
11134| [54979] Microsoft Word 2002 memory corruption
11135| [54978] Microsoft Word 2002 memory corruption
11136| [54977] Microsoft Word 2002 Heap-based memory corruption
11137| [54976] Microsoft Word 2002 memory corruption
11138| [54975] Microsoft Word 2002 memory corruption
11139| [54974] Microsoft Word 2002 memory corruption
11140| [54973] Microsoft Word 2002 memory corruption
11141| [54972] Microsoft Word 2002 memory corruption
11142| [54971] Microsoft Word 2002 memory corruption
11143| [4197] Microsoft SharePoint 2007/3.0 cross site scripting
11144| [4196] Microsoft Word 2002/2003/2007/2010 Stack-based memory corruption
11145| [4194] Microsoft Windows 7/Server 2008/Vista SChannel Client Certificate Request denial of service
11146| [54774] Microsoft Word 2003 word_crash_11.8326.8324_poc.doc denial of service
11147| [54757] Microsoft SharePoint Server 2007 HTML Sanitization SafeHTML cross site scripting
11148| [4186] Microsoft Outlook 2002/2003/2007 Content Parser Heap-based memory corruption
11149| [54584] Microsoft Visual C++ 2005 AtlTraceTool8.exe unknown vulnerability
11150| [54554] Microsoft Groove 2007 mso.dll memory corruption
11151| [4187] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack Ipv4SetEchoRequestCreate denial of service
11152| [54322] Microsoft Word 2002/2003 memory corruption
11153| [54321] Microsoft Office Compatibility Pack 2007 memory corruption
11154| [54320] Microsoft Office Compatibility Pack 2007 memory corruption
11155| [54319] Microsoft Office Compatibility Pack 2007 memory corruption
11156| [54318] Microsoft .NET Framework 2.0 SP1/2.0 SP2/3.5/3.5 SP1/3.5.1 Interfaces memory corruption
11157| [4165] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
11158| [4162] Microsoft Windows 7/Server 2008/Vista Kernel memory corruption
11159| [4159] Microsoft Excel 2002/2003 SXDB PivotTable Cache Data Record memory corruption
11160| [4149] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Shell Shortcut Parser memory corruption
11161| [54083] Microsoft Access 2003 ActiveX Control ACCWIZ.dll memory corruption
11162| [4146] Microsoft Outlook 2002/2003/2007 SMB Attachment PR_ATTACH_METHOD memory corruption
11163| [4145] Microsoft Access 2003/2007 ActiveX ACCWIZ.dll memory corruption
11164| [54617] Microsoft Outlook Web Access up to 2007 cross site request forgery
11165| [4151] Microsoft Windows Server 2008/Vista NtUserCheckAccessForIntegrityLevel memory corruption
11166| [53591] Microsoft Windows Server 2003 GetServerName cross site scripting
11167| [53505] Microsoft Excel 2002/2007 memory corruption
11168| [53501] Microsoft Excel 2002 memory corruption
11169| [53500] Microsoft Excel 2002 memory corruption
11170| [53499] Microsoft Excel 2002 memory corruption
11171| [53495] Microsoft Excel 2002/2003/2007 memory corruption
11172| [53494] Microsoft Excel 2002 Stack-based memory corruption
11173| [53504] Microsoft Excel 2002 memory corruption
11174| [53503] Microsoft Excel 2002 Stack-Based memory corruption
11175| [53502] Microsoft Excel 2002 Heap-based memory corruption
11176| [53498] Microsoft Excel 2002 Stack-based memory corruption
11177| [53497] Microsoft Excel 2002 memory corruption
11178| [53496] Microsoft Excel 2002 memory corruption
11179| [53493] Microsoft Excel 2002/2003/2007 memory corruption
11180| [4133] Microsoft Office 2003/2007/Xp COM Object Instantiator memory corruption
11181| [53366] Microsoft ASP.NET 2.0 cross site scripting
11182| [53385] Microsoft Exchange Server 2007 Outlook Web Access cross site scripting
11183| [53164] Microsoft Office 2003/2007/Xp ActiveX Control VBE6.DLL memory corruption
11184| [53054] Microsoft VISIO 2002/2003/2007 VISIODWG.DLL memory corruption
11185| [4125] Microsoft SharePoint 2007/3.0 help.aspx cross site scripting
11186| [52777] Microsoft Publisher 2002/2003/2007 memory corruption
11187| [52773] Microsoft Visio 2002/2003/2007 memory corruption
11188| [52772] Microsoft Visio 2002/2003/2007 memory corruption
11189| [4107] Microsoft Windows 7/Server 2008 Kernel denial of service
11190| [4103] Microsoft Windows Server 2003 Media Services Stack-based memory corruption
11191| [52543] Microsoft Virtual PC 2007 unknown vulnerability
11192| [52148] Microsoft Office 2004/2007/2008 Uninitialized Memory memory corruption
11193| [52147] Microsoft Office 2004/2007/2008 Spreadsheet Uninitialized Memory memory corruption
11194| [52146] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
11195| [52145] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
11196| [52144] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
11197| [52143] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
11198| [4090] Microsoft Excel 2002/2003/2007 memory corruption
11199| [52036] Microsoft Windows 2000 MsgBox memory corruption
11200| [51995] Microsoft SharePoint Server up to 2006 cross site scripting
11201| [51810] Microsoft Office 2004/Xp MSO.DLL memory corruption
11202| [51802] Microsoft PowerPoint 2003 Stack-based memory corruption
11203| [51801] Microsoft PowerPoint 2003 Stack-based memory corruption
11204| [51800] Microsoft PowerPoint 2002/2003 Use-After-Free memory corruption
11205| [51799] Microsoft PowerPoint 2002/2003 memory corruption
11206| [51798] Microsoft PowerPoint 2002/2003 Heap-based memory corruption
11207| [4082] Microsoft PowerPoint 2002 SP3 memory corruption
11208| [54550] Microsoft PowerPoint 2007 rpawinet.dll memory corruption
11209| [54556] Microsoft Visio 2003 mfc71enu.dll unknown vulnerability
11210| [51497] Microsoft Windows Live Messenger 2009 ActiveX Control msnmsgr.exe denial of service
11211| [51133] Microsoft Windows 2000 SP4/Server 2003 SP2/SP3/XP SP2 memory corruption
11212| [51074] Microsoft Office 2002/2003 Integer memory corruption
11213| [4069] Microsoft Project 2003/2007 Project Memory Validator memory corruption
11214| [50794] Microsoft Office 2004/2008 Spreadsheet memory corruption
11215| [50793] Microsoft Office 2004/2008 Spreadsheet memory corruption
11216| [50792] Microsoft Office 2004/2008 Spreadsheet memory corruption
11217| [50791] Microsoft Office 2004/2008 Spreadsheet memory corruption
11218| [50790] Microsoft Office 2004/2008 Spreadsheet Heap-based memory corruption
11219| [50788] Microsoft Office 2004/2008 Spreadsheet memory corruption
11220| [50787] Microsoft Office 2004/2008 Spreadsheet memory corruption
11221| [50786] Microsoft Windows 2000 llssrv.exe memory corruption
11222| [50789] Microsoft Office 2004/2008 Spreadsheet memory corruption
11223| [4056] Microsoft Word 2002/2003 File Information Block Parser Stack-based memory corruption
11224| [50660] Microsoft SharePoint Server 2007 unknown vulnerability
11225| [50443] Microsoft PowerPoint 2007 Integer memory corruption
11226| [50432] Microsoft .NET Framework 2.0/2.0 SP1/2.0 SP2/3.5/3.5 SP1 memory corruption
11227| [49866] Microsoft Windows Server 2003 memory corruption
11228| [4031] Microsoft Windows Server 2008/Vista SMB Processor EducatedScholar memory corruption
11229| [4030] Microsoft Windows Server 2008/Vista Wireless LAN AutoConfig Service Heap-based memory corruption
11230| [4029] Microsoft Windows 2000/XP TCP/IP Window Size denial of service
11231| [49745] Microsoft Windows Server 2003 denial of service
11232| [49395] Microsoft Office 2000/2003/XP Office Web Components Heap-based memory corruption
11233| [49394] Microsoft Windows Server 2003 memory corruption
11234| [49389] Microsoft Office 2000/2003/XP Office Web Components memory corruption
11235| [49390] Microsoft Office 2000/2003/XP Office Web Components memory corruption
11236| [49198] Microsoft Visual Studio 2005 information disclosure
11237| [49047] Microsoft Virtual Server 2005 privilege escalation
11238| [49046] Microsoft Windows Server 2003 quartz.dll memory corruption
11239| [49045] Microsoft Windows Server 2003 quartz.dll memory corruption
11240| [49044] Microsoft ISA Server 2006 privilege escalation
11241| [3999] Microsoft Office 2007 Pointer memory corruption
11242| [4000] Microsoft Office 2003/Sp3/Xp Web Components memory corruption
11243| [48894] Microsoft Windows Server 2003 msvidctl.dll memory corruption
11244| [48572] Microsoft PowerPoint 2002 FL21WIN.DLL memory corruption
11245| [48517] Microsoft Windows 2000 Memory Leak memory corruption
11246| [48516] Microsoft Windows Server 2008 unknown vulnerability
11247| [48512] Microsoft Windows Server 2008 unknown vulnerability
11248| [48515] Microsoft Office Word Viewer 2003 memory corruption
11249| [48514] Microsoft Office Word Viewer 2003 Stack-based memory corruption
11250| [48554] Microsoft Excel 2000/2003/2007 memory corruption
11251| [48157] Microsoft PowerPoint 2002 Sound memory corruption
11252| [48156] Microsoft PowerPoint 2000 Stack-based memory corruption
11253| [48154] Microsoft PowerPoint 2002 Sound PP7X32.DLL memory corruption
11254| [48152] Microsoft PowerPoint 2002 PP4X32.DLL memory corruption
11255| [48150] Microsoft PowerPoint 2002 Sound memory corruption
11256| [48147] Microsoft PowerPoint 2002 Sound memory corruption
11257| [48146] Microsoft PowerPoint 2002 Integer memory corruption
11258| [48155] Microsoft PowerPoint 2002 Notes Container Heap-based memory corruption
11259| [48153] Microsoft PowerPoint 2002 Sound memory corruption
11260| [48151] Microsoft PowerPoint 2002 Stack-based memory corruption
11261| [48149] Microsoft PowerPoint 2002 memory corruption
11262| [48148] Microsoft PowerPoint 2002 Sound memory corruption
11263| [3974] Microsoft PowerPoint 2000/2002/2003 Sound Data Stack-based memory corruption
11264| [3973] Microsoft PowerPoint 2000/2002/2003 Notes Container Stack-based memory corruption
11265| [3972] Microsoft PowerPoint 2000/2002/2003 BuildList memory corruption
11266| [3971] Microsoft PowerPoint 2000/2002/2003 Object Stack-based memory corruption
11267| [3970] Microsoft PowerPoint 2000/2002/2003 Paragraph Stack-based memory corruption
11268| [3969] Microsoft PowerPoint 2000/2002/2003 Atom Stack-based memory corruption
11269| [47719] Microsoft Windows 2000 Stack-based memory corruption
11270| [47720] Microsoft Internet Security And Acceleration Server 2006 Forms Authentication cookieauth.dll cross site scripting
11271| [47716] Microsoft Office Converter Pack 2003 WPFT632.CNV memory corruption
11272| [47715] Microsoft Windows 2000 Wordpad memory corruption
11273| [47718] Microsoft Excel 2000/2002/2003/2007 Spreadsheet memory corruption
11274| [3960] Microsoft Windows 2000/Server 2003/XP DirectShow MJPEG memory corruption
11275| [3952] Microsoft ISA Server 2004/2006 denial of service
11276| [3946] Microsoft PowerPoint 2000/2002/2003/2004 memory corruption
11277| [47091] Microsoft Windows Server 2008 unknown vulnerability
11278| [47090] Microsoft Windows Server 2008 unknown vulnerability
11279| [3939] Microsoft Windows 2000 DNS spoofing
11280| [3938] Microsoft Windows 2000 SSL weak authentication
11281| [3937] Microsoft Windows 2000 memory corruption
11282| [3932] Microsoft Excel 2000/2002/2003/2004/2007 Object Reference memory corruption
11283| [46620] Microsoft Windows Live Messenger 2009 msnmsgr.exe denial of service
11284| [46455] Microsoft Exchange Server 2007 denial of service
11285| [46454] Microsoft Exchange Server 2007 memory corruption
11286| [46453] Microsoft Visio 2002/2003/2007 memory corruption
11287| [46452] Microsoft Visio 2002/2003/2007 memory corruption
11288| [46451] Microsoft Visio 2002/2003/2007 memory corruption
11289| [46327] Microsoft Word 2007 information disclosure
11290| [45758] Microsoft Money 2006 ActiveX Control prtstb06.dll denial of service
11291| [45381] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
11292| [45380] Microsoft Windows Server 2008/Vista SP1 Search memory corruption
11293| [45379] Microsoft Office SharePoint Server 2007 denial of service
11294| [3896] Microsoft SQL Server up to 2005 sp_replwritetovarbin memory corruption
11295| [3892] Microsoft Excel 2000/2002/2003 Formula memory corruption
11296| [3891] Microsoft Excel 2000/2002/2003 memory corruption
11297| [3890] Microsoft Excel 2000/2002/2003 NAME Index memory corruption
11298| [3889] Microsoft Word 2000/2002/2003/2007 Table Property Stack-based memory corruption
11299| [3888] Microsoft Word 2000/2002/2003/2007 RTF Stylesheet memory corruption
11300| [3887] Microsoft Word 2000/2002/2003/2007 memory corruption
11301| [3886] Microsoft Word 2000/2002/2003/2007 ControlWord Heap-based memory corruption
11302| [3885] Microsoft Word 2000/2002/2003/2007 memory corruption
11303| [3884] Microsoft Word 2000/2002/2003/2007 memory corruption
11304| [3883] Microsoft Word 2000/2002/2003/2007 RTF Heap-based memory corruption
11305| [3882] Microsoft Word 2000/2002/2003/2007 LFO memory corruption
11306| [3880] Microsoft Visual Basic up to 2003 ActiveX Control Mschrt20.ocx memory corruption
11307| [3879] Microsoft Visual Basic up to 2003 ActiveX Control mscomct2.ocx memory corruption
11308| [3878] Microsoft Visual Basic up to 2003 ActiveX Control mshflxgd.ocx memory corruption
11309| [3877] Microsoft Visual Basic up to 2003 ActiveX Control msflxgrd.ocx memory corruption
11310| [3876] Microsoft Visual Basic up to 2003 ActiveX Control msdatgrd.ocx memory corruption
11311| [45197] Microsoft Windows 2000 nskey.dll memory corruption
11312| [45063] Microsoft Windows Server 2003 Active Directory unknown vulnerability
11313| [45040] Microsoft .NET Framework 2.0.50727 Code Access Security unknown vulnerability
11314| [44855] DjVu Activex Control For Microsoft Office 2000 3.0 ActiveX Control DjVu_ActiveX_MSOffice.dll memory corruption
11315| [44665] Microsoft Peachtree Accounting 2004 ActiveX Control PAWWeb11.ocx unknown vulnerability
11316| [44589] Microsoft Exchange Server 2003 Outlook Web Access unknown vulnerability
11317| [3845] Microsoft Windows 2000 SP4 Active Directory memory corruption
11318| [44533] Microsoft Windows 2000 mqsvc.exe memory corruption
11319| [3844] Microsoft Excel 2003 REPT memory corruption
11320| [3843] Microsoft Excel up to 2007 BIFF File Heap-based memory corruption
11321| [3842] Microsoft Excel 2003 VBA Performance Cache Stack-based memory corruption
11322| [44405] Microsoft Digital Image 2006 ActiveX Control PipPPush.DLL unknown vulnerability
11323| [44047] Microsoft SQL Server 2000 ActiveX Control SQLVDIRLib.SQLVDirControl memory corruption
11324| [43981] Microsoft Organization Chart 2.00 orgchart.exe memory corruption
11325| [43957] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
11326| [43956] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
11327| [43955] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
11328| [43952] Microsoft Office 2003/2007/Xp URI memory corruption
11329| [43676] Microsoft Windows 2000/Server 2003/Vista/XP memory corruption
11330| [43675] Microsoft Windows 2000/Server 2003/Vista/XP of memory corruption
11331| [43662] Microsoft PowerPoint Viewer 2000 SP3/2002 SP3/2003 SP2/2007 SP1 memory corruption
11332| [43661] Microsoft PowerPoint Viewer 2003 memory corruption
11333| [43660] Microsoft PowerPoint Viewer 2003 Integer memory corruption
11334| [43657] Microsoft Office 2000/2003/Xp memory corruption
11335| [43654] Microsoft SharePoint Server 2007 memory corruption
11336| [43653] Microsoft Office 2000/2002/2004/2008 memory corruption
11337| [43652] Microsoft Office 2000/2002/2003/2004/2008 memory corruption
11338| [3797] Microsoft Windows Server 2008/Vista IPsec Policy Designfehler
11339| [3796] Microsoft Office 2000 WPG memory corruption
11340| [3795] Microsoft Office 2000/2003/Xp BMP Image BMPIMP32.FLT memory corruption
11341| [3794] Microsoft Office 2000/2003/Xp PICT bits_per_pixel memory corruption
11342| [3793] Microsoft Office 2000/2003/Xp PICT memory corruption
11343| [3792] Microsoft Office 2000 EPS File memory corruption
11344| [3783] Microsoft Word 2002 memory corruption
11345| [43103] Microsoft Exchange Srv 2007 Sp1 Outlook Web Access cross site scripting
11346| [43102] Microsoft Windows 2000 SP4/Server 2003 SP2/Server 2008 DNS Cache privilege escalation
11347| [3778] Microsoft Exchange 2003/2007 Outlook Web Access cross site scripting
11348| [3777] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
11349| [43087] Microsoft Office Snapshot Viewer ActiveX up to Office 2003 Snapshot Viewer ActiveX Control snapview.ocx memory corruption
11350| [43096] Microsoft Publisher 2003/2007 Crypto API unknown vulnerability
11351| [42816] Microsoft Word 2000/2003 memory corruption
11352| [42732] Microsoft Windows Server 2003/Vista/XP denial of service
11353| [42731] Microsoft Windows Server 2003 denial of service
11354| [3732] Microsoft Windows 2000/Server 2003 WINS memory corruption
11355| [3701] Microsoft Word 2003 CSS Heap-based memory corruption
11356| [3700] Microsoft Word 2003 RTF Document Heap-based memory corruption
11357| [42065] Microsoft SharePoint Server 2.0 Rich Text Editor cross site scripting
11358| [41881] Microsoft Office 2003/2007/2007 Sp1/Xp memory corruption
11359| [41880] Microsoft Project 2000/2002/2003 memory corruption
11360| [41879] Microsoft Windows 2000/Server 2003/Vista Stack-based memory corruption
11361| [41878] Microsoft Windows 2000/Server 2003/Vista spoofing
11362| [41877] Microsoft Windows Server 2003 vbscript.dll memory corruption
11363| [3671] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 memory corruption
11364| [3670] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 Object memory corruption
11365| [41455] Microsoft Office 2000/2003/2004/Xp memory corruption
11366| [41454] Microsoft Excel 2000/2002/2003/2007 memory corruption
11367| [41453] Microsoft Excel 2000/2002/2003 memory corruption
11368| [41452] Microsoft Excel 2000/2002/2003/2007 memory corruption
11369| [41451] Microsoft Excel 2000/2002/2003 memory corruption
11370| [41450] Microsoft Excel 2000 memory corruption
11371| [41449] Microsoft Excel 2000/2002/2003 memory corruption
11372| [41448] Microsoft Office 2000/Xp Office Web Components memory corruption
11373| [3648] Microsoft Excel 2003 memory corruption
11374| [3647] Microsoft Outlook up to 2007 mailto URI memory corruption
11375| [41003] Microsoft Office 2000/2003/2004/Xp memory corruption
11376| [41002] Microsoft Office 2000/2003/Xp memory corruption
11377| [41001] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
11378| [41000] Microsoft Works 2005/8.0 memory corruption
11379| [40998] Microsoft Publisher 2000/2002/2003 memory corruption
11380| [40994] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
11381| [40987] Microsoft Windows 2000 denial of service
11382| [40736] Microsoft ActiveX 2.0 ActiveX Control privilege escalation
11383| [3552] Microsoft Excel 2000/2002/2003 File memory corruption
11384| [40242] Microsoft Publisher 2000/2002/2003/2007 Crash denial of service
11385| [40020] Microsoft Office 2007 ZIP Container unknown vulnerability
11386| [39769] Microsoft Windows 2000 cryptgenrandom weak encryption
11387| [39749] Microsoft Windows 2000 msjet40.dll memory corruption
11388| [39655] Microsoft Windows Server 2003 spoofing
11389| [39324] Microsoft Windows Mobile 2005 SMS unknown vulnerability
11390| [3373] Microsoft Word 2000/2002 memory corruption
11391| [38999] Microsoft Windows Server 2003 explorer.exe denial of service
11392| [38899] Microsoft ISA Server 2004 information disclosure
11393| [38728] Microsoft SQL Server 2005 Enterprise Manager sqldmo.dll memory corruption
11394| [38326] Microsoft Windows 2000 attemptwrite memory corruption
11395| [3241] Microsoft Excel 2000/2003/2004/XP SP3 rtWnDesk memory corruption
11396| [3223] Microsoft Windows Server 2003/XP URI privilege escalation
11397| [3212] Microsoft DirectX February 2006 RLE Compression Targa Files Heap-based memory corruption
11398| [37739] Microsoft Excel 2000/2002/2003/2004/2007 memory corruption
11399| [37738] Microsoft Office 2002/2003 memory corruption
11400| [3176] Microsoft Excel 2000/2002/2003/2007 File Attribute memory corruption
11401| [3175] Microsoft Excel 2000/2002/2003/2007 Active Worksheet memory corruption
11402| [3174] Microsoft Excel 2000/2002/2003/2007 Version Information memory corruption
11403| [3172] Microsoft Office Publisher 2007 Pointer memory corruption
11404| [37566] Microsoft Excel 2003 unknown vulnerability
11405| [37526] Microsoft Windows 2000/Server 2003 denial of service
11406| [37248] Microsoft Visio 2002 Packaging memory corruption
11407| [37251] Microsoft Windows 2000 memory corruption
11408| [3119] Microsoft Visio 2002 Object memory corruption
11409| [3118] Microsoft Visio 2002 Data memory corruption
11410| [37093] Microsoft Windows Server 2003 Error Message unknown vulnerability
11411| [37010] Microsoft Office 2000 ActiveX Control ouactrl.ocx memory corruption
11412| [36628] Microsoft Word 2000/2002/2003/2004 winword.exe memory corruption
11413| [36616] Microsoft Works 2004/2005/2006 memory corruption
11414| [36621] Microsoft Exchange Server 2000 Integer denial of service
11415| [36620] Microsoft Exchange Server 2000 Outlook Web Access cross site scripting
11416| [36619] Microsoft Exchange Server 2000/2003/2007 MIME Email memory corruption
11417| [36618] Microsoft Exchange Server 2000 NULL Pointer Dereference denial of service
11418| [36617] Microsoft Excel 2000/2002/2003/2004 memory corruption
11419| [36623] Microsoft BizTalk Server 2004 ActiveX Control capicom.dll memory corruption
11420| [3067] Microsoft Office 2000/2003/2004/2007/Xp Drawing Object memory corruption
11421| [3065] Microsoft Excel 2000/2002/2003/2007 Filter Stack-based memory corruption
11422| [3064] Microsoft Excel 2000/2002/2003/2004/2007 set Font memory corruption
11423| [3063] Microsoft Excel 2000/2002/2003/2007 BIFF Record Stack-based memory corruption
11424| [3012] Microsoft Windows 2000/Server 2003 DNS Service Stack-based memory corruption
11425| [36039] Microsoft Content Management Server 2001 memory corruption
11426| [36052] Microsoft Windows 2000 Heap-based memory corruption
11427| [36051] Microsoft Word 2007 file798-1.doc memory corruption
11428| [36050] Microsoft Word 2007 file789-1.doc memory corruption
11429| [36040] Microsoft Content Management Server 2001 cross site scripting
11430| [3004] Microsoft Windows up to 2003/XP URL Parser memory corruption
11431| [36041] Microsoft .NET Framework 2.0.50727.42 cross site scripting
11432| [36002] Microsoft Windows 2000/XP denial of service
11433| [2990] Microsoft Windows 2000/Vista/XP Animated Cursor Stack-based memory corruption
11434| [36515] Microsoft Windows 2000/Server 2003/XP memory corruption
11435| [35846] Microsoft Windows 2000/Server 2003 Default Configuration information disclosure
11436| [35373] Microsoft Excel 2003 denial of service
11437| [35372] Microsoft Office 2003 denial of service
11438| [35206] Microsoft Windows Server 2003/XP Crash denial of service
11439| [35161] Microsoft ISA Server 2004 unknown vulnerability
11440| [35236] Microsoft Publisher 2007 memory corruption
11441| [2939] Microsoft Word 2000 memory corruption
11442| [34994] Microsoft Windows 2000 OLE Dialog memory corruption
11443| [34993] Microsoft Office 2000/2003/Xp memory corruption
11444| [35001] Microsoft Office 2000/2003/2004/Xp memory corruption
11445| [35000] Microsoft Word 2000/2002/2003 memory corruption
11446| [2933] Microsoft Windows 2000 SP4/Server 2003 SP1/XP SP2 OLE Dialog Stack-based memory corruption
11447| [2894] Microsoft Office 2000/2003/2004/Xp Undefined String Format String
11448| [2884] Microsoft Word 2000/2002/2003 memory corruption
11449| [34321] Microsoft Office 2000/2003/2004/Xp Spreadsheet Heap-based memory corruption
11450| [34320] Microsoft Office 2000/2003/2004/Xp memory corruption
11451| [34319] Microsoft Office 2000/2003/2004/Xp memory corruption
11452| [34318] Microsoft Office 2000/2003/2004/Xp memory corruption
11453| [34322] Microsoft Office 2000/2003/Xp memory corruption
11454| [2811] Microsoft Windows 2000/Server 2003/XP VML Vector Markup Language Integer memory corruption
11455| [2810] Microsoft Outlook 2000/2002/2003 Office Saved Search OSS File memory corruption
11456| [2809] Microsoft Outlook 2000/2002/2003 Header denial of service
11457| [2808] Microsoft Outlook 2000/2002/2003 Meeting VEVENT memory corruption
11458| [2807] Microsoft Excel 2000/2002/2003 XLS File memory corruption
11459| [34126] Microsoft Office 2003 memory corruption
11460| [34122] Microsoft Office Web Components 2000 memory corruption
11461| [2789] Microsoft Windows 2000/XP RPC Request NetrWkstaUserEnum denial of service
11462| [2765] Microsoft Project Server 2003 pdsrequest.asp weak authentication
11463| [33851] Microsoft Word 2000/2002/2003 12122006-djtest.doc memory corruption
11464| [2739] Microsoft Windows 2000 Remote Installation Service Fehlende Authentifizierung
11465| [2738] Microsoft Windows 2000/Server 2003/XP SNMP memory corruption
11466| [2737] Microsoft Windows Server 2003/XP Manifest denial of service
11467| [33766] Microsoft Word 2000/2002/2003 memory corruption
11468| [2718] Microsoft Word 2000/2002/2003 DOC Document memory corruption
11469| [2717] Microsoft Windows 2000 Print Spooler Memory Consumption denial of service
11470| [2689] Microsoft Windows up to 2000 SP4 Active Directory denial of service
11471| [2688] Microsoft Windows 2000/Server 2003/XP Client Service for Netware denial of service
11472| [2687] Microsoft Windows 2000/Server 2003/XP Agent ActiveX ACF File Heap-based memory corruption
11473| [2686] Microsoft Windows 2000/Server 2003/XP Client Service for Netware memory corruption
11474| [2684] Microsoft Windows 2000/XP Workstation Service Stack-based memory corruption
11475| [2659] Microsoft Windows 2000/XP GDI Crash memory corruption
11476| [2655] Microsoft Windows 2000/Server 2003/XP XML Core Services memory corruption
11477| [33067] Microsoft Visual Studio .net 2005 ActiveX Control wmiscriptutils.dll memory corruption
11478| [2610] Microsoft PowerPoint 2003 PPT Document NULL Pointer Dereference denial of service
11479| [32693] Microsoft Word 2004 memory corruption
11480| [32686] Microsoft Office 2000/2001/2003/2004 Integer memory corruption
11481| [32690] Microsoft Office 2000/2003/2004/Xp memory corruption
11482| [32676] Microsoft Office 2000/2001/2003/2004 memory corruption
11483| [32675] Microsoft Office 2000/2003/2004/Xp memory corruption
11484| [32694] Microsoft Windows 2000 memory corruption
11485| [32689] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
11486| [32688] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
11487| [32687] Microsoft Word 2000/2002 memory corruption
11488| [32685] Microsoft Office 2000/2001/2003/2004 memory corruption
11489| [2601] Microsoft Windows Server 2003/XP IPv6 Stack denial of service
11490| [2600] Microsoft Windows Server 2003/XP IPv6 Stack TCP denial of service
11491| [2599] Microsoft Windows Server 2003/XP IPv6 Stack ICMP denial of service
11492| [2598] Microsoft Windows Server 2003/XP Object Packager privilege escalation
11493| [2597] Microsoft Office 2003/Xp Smart-Tag Parser memory corruption
11494| [2596] Microsoft Office 2000/2003/2004/Xp Value Read memory corruption
11495| [2595] Microsoft Office 2000/2001/2003/2004 Diagram Value memory corruption
11496| [2594] Microsoft Office 2000/2001/2003/2004 Document memory corruption
11497| [2593] Microsoft ASP.NET 2.0 cross site scripting
11498| [141652] Microsoft Windows up to Server 2019 Common Log File System Driver information disclosure
11499| [141639] Microsoft SharePoint Foundation 2013 SP1 cross site request forgery
11500| [141637] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
11501| [141636] Microsoft ASP.NET Core 2.1/2.2/3.0 Project Template privilege escalation
11502| [141635] Microsoft .NET Core 2.1/2.2 denial of service
11503| [141633] Microsoft Excel up to 2019 memory corruption
11504| [141631] Microsoft Windows up to Server 2019 SMB Client Driver information disclosure
11505| [141630] Microsoft Windows up to Server 2019 denial of service
11506| [141629] Microsoft Windows up to Server 2019 Update Delivery Optimization privilege escalation
11507| [141627] Microsoft Windows up to Server 2019 GDI information disclosure
11508| [141626] Microsoft Windows up to Server 2019 Win32k memory corruption
11509| [141621] Microsoft Windows up to Server 2019 Kernel information disclosure
11510| [141620] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
11511| [141619] Microsoft Windows up to Server 2019 ALPC privilege escalation
11512| [141618] Microsoft Windows up to Server 2019 hdAudio.sys privilege escalation
11513| [141617] Microsoft Windows up to Server 2019 Store Installer privilege escalation
11514| [141616] Microsoft Windows up to Server 2019 ALPC privilege escalation
11515| [141615] Microsoft Windows up to Server 2019 Winlogon privilege escalation
11516| [141614] Microsoft Windows up to Server 2019 Compatibility Appraiser privilege escalation
11517| [141611] Microsoft Office up to 2019 Security Feature privilege escalation
11518| [141610] Microsoft Excel up to 2019 information disclosure
11519| [141609] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
11520| [141608] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site request forgery
11521| [141607] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 privilege escalation
11522| [141606] Microsoft Windows up to Server 2019 Win32k memory corruption
11523| [141605] Microsoft Windows up to Server 2019 Hyper-V information disclosure
11524| [141604] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
11525| [141603] Microsoft Windows up to Server 2019 GDI information disclosure
11526| [141602] Microsoft Windows up to Server 2019 DirectWrite information disclosure
11527| [141601] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11528| [141600] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11529| [141599] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11530| [141598] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11531| [141597] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11532| [141596] Microsoft Windows up to Server 2019 DirectWrite information disclosure
11533| [141595] Microsoft Windows up to Server 2019 DirectWrite information disclosure
11534| [141594] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11535| [141593] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11536| [141592] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11537| [141591] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11538| [141590] Microsoft Windows up to Server 2019 Text Service Framework command injection
11539| [141589] Microsoft Exchange Server 2016 CU12/2016 CU13/2019 CU1/2019 CU2 denial of service
11540| [141583] Microsoft Lync Server 2013 Conference directory traversal
11541| [141581] Microsoft Windows up to Server 2016 Hyper-V denial of service
11542| [141580] Microsoft Windows up to Server 2019 Transaction Manager information disclosure
11543| [141579] Microsoft Windows up to Server 2016 DirectX information disclosure
11544| [141577] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
11545| [141575] Microsoft Windows up to Server 2019 lnk File privilege escalation
11546| [141564] Microsoft SharePoint Enterprise Server 2010 SP1/2013 SP1/2016/2019 Markup Application Package privilege escalation
11547| [141561] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
11548| [141560] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
11549| [139972] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
11550| [139971] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
11551| [139970] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
11552| [139969] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
11553| [139968] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
11554| [139965] Microsoft Windows up to Server 2019 Kernel information disclosure
11555| [139963] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
11556| [139962] Microsoft Windows up to Server 2019 Remote Desktop Protocol denial of service
11557| [139960] Microsoft Windows up to Server 2019 DHCP Server denial of service
11558| [139958] Microsoft Windows up to Server 2019 DHCP Server denial of service
11559| [139957] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
11560| [139956] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 Session Object information disclosure
11561| [139955] Microsoft Windows up to Server 2019 SyncController.dll privilege escalation
11562| [139949] Microsoft Windows up to Server 2019 XmlLite Runtime XmlLite.dll denial of service
11563| [139946] Microsoft Windows up to Server 2019 Core Shell COM Server Registrar COM Call privilege escalation
11564| [139942] Microsoft Windows up to Server 2019 rpcss.dll memory corruption
11565| [139941] Microsoft Windows up to Server 2019 DirectX memory corruption
11566| [139937] Microsoft Windows up to Server 2019 Azure Active Directory information disclosure
11567| [139936] Microsoft Windows up to Server 2019 SymCrypt information disclosure
11568| [139935] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 NTFS privilege escalation
11569| [139934] Microsoft Windows 7 SP1/Server 2018 R2 SP1/Server 2018 SP2 Win32k memory corruption
11570| [139933] Microsoft Windows up to Server 2019 p2pimsvc privilege escalation
11571| [139932] Microsoft Windows up to Server 2019 Kernel memory corruption
11572| [139931] Microsoft Windows up to Server 2019 File Signature Security Feature CAB File privilege escalation
11573| [139930] Microsoft Windows up to Server 2019 ALPC privilege escalation
11574| [139928] Microsoft Windows up to Server 2019 Kernel memory corruption
11575| [139927] Microsoft Windows up to Server 2019 Graphics Component information disclosure
11576| [139926] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11577| [139925] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11578| [139924] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11579| [139922] Microsoft Windows up to Server 2019 Graphics Component information disclosure
11580| [139921] Microsoft Windows up to Server 2019 Graphics Component information disclosure
11581| [139920] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11582| [139919] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11583| [139918] Microsoft Windows up to Server 2019 Graphics Component information disclosure
11584| [139917] Microsoft Windows up to Server 2019 Graphics Component information disclosure
11585| [139916] Microsoft Windows up to Server 2019 XML Core Services MSXML Parser privilege escalation
11586| [139914] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
11587| [139913] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
11588| [139912] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Hyper-V Network Switch denial of service
11589| [139911] Microsoft Windows up to Server 2019 denial of service
11590| [139910] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
11591| [139909] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
11592| [139908] Microsoft Windows up to Server 2019 Bluetooth weak encryption
11593| [139907] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
11594| [139906] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
11595| [139902] Microsoft Word up to 2019 memory corruption
11596| [139901] Microsoft Outlook up to 2019 memory corruption
11597| [139895] Microsoft Windows up to Server 2019 lnk File privilege escalation
11598| [139894] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
11599| [139893] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
11600| [139892] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
11601| [139891] Microsoft Windows up to Server 2019 Font Library memory corruption
11602| [139890] Microsoft Windows up to Server 2019 Font Library memory corruption
11603| [139889] Microsoft Windows up to Server 2019 Font Library memory corruption
11604| [139888] Microsoft Windows up to Server 2019 Font Library memory corruption
11605| [139887] Microsoft Windows up to Server 2019 Font Library memory corruption
11606| [139886] Microsoft Windows up to Server 2019 Font Library memory corruption
11607| [139880] Microsoft Windows up to Server 2019 Hyper-V memory corruption
11608| [139879] Microsoft Windows up to Server 2019 DHCP Client memory corruption
11609| [139878] Microsoft Windows up to Server 2019 Hyper-V Network Switch memory corruption
11610| [139877] Microsoft Outlook up to 2019 memory corruption
11611| [139876] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
11612| [139875] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
11613| [137590] Microsoft ASP.NET Core 2.1/2.2 Open Redirect
11614| [137589] Microsoft Exchange Server 2013 CU23/2016 CU12/2016 CU13/2019 CU1/2019 CU2 cross site scripting
11615| [137588] Microsoft Exchange Server 2010 SP3/2013 CU23/2016 CU12/2016 CU13 Web Services privilege escalation
11616| [137587] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
11617| [137586] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
11618| [137585] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
11619| [137584] Microsoft Windows up to Server 2019 DirectWrite memory corruption
11620| [137583] Microsoft Windows up to Server 2019 DirectWrite memory corruption
11621| [137581] Microsoft Windows up to Server 2019 DirectWrite memory corruption
11622| [137580] Microsoft Windows up to Server 2019 DirectWrite memory corruption
11623| [137579] Microsoft Windows up to Server 2019 DirectWrite memory corruption
11624| [137578] Microsoft Windows up to Server 2019 DirectWrite memory corruption
11625| [137577] Microsoft Windows up to Server 2019 DirectWrite memory corruption
11626| [137576] Microsoft Windows up to Server 2019 DirectWrite memory corruption
11627| [137575] Microsoft Windows up to Server 2019 DirectWrite memory corruption
11628| [137574] Microsoft Windows up to Server 2019 DirectWrite memory corruption
11629| [137568] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
11630| [137563] Microsoft Windows up to Server 2019 DirectWrite information disclosure
11631| [137562] Microsoft Windows up to Server 2019 Win32k information disclosure
11632| [137561] Microsoft Windows up to Server 2019 GDI information disclosure
11633| [137560] Microsoft Windows up to Server 2019 GDI information disclosure
11634| [137559] Microsoft Windows up to Server 2019 DirectWrite information disclosure
11635| [137555] Microsoft Windows up to Server 2019 Audio Service privilege escalation
11636| [137554] Microsoft Windows up to Server 2019 Audio Service privilege escalation
11637| [137553] Microsoft Windows up to Server 2019 Audio Service privilege escalation
11638| [137549] Microsoft Windows up to Server 2016 DLL privilege escalation
11639| [137544] Microsoft Windows up to Server 2019 Kernel information disclosure
11640| [137543] Microsoft Windows up to Server 2019 Kernel information disclosure
11641| [137542] Microsoft SQL Server 2014 SP2/2016 SP1/2017 privilege escalation
11642| [137541] Microsoft Windows up to Server 2019 memory corruption
11643| [137540] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
11644| [137539] Microsoft Windows up to Server 2016 DirectX memory corruption
11645| [137538] Microsoft Windows Server 1803/Server 1903/Server 2016/Server 2019 ADFS Security Feature privilege escalation
11646| [137537] Microsoft Windows up to Server 2019 Hyper-V denial of service
11647| [137535] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
11648| [137533] Microsoft Windows up to Server 2019 SymCrypt denial of service
11649| [137527] Microsoft Windows up to Server 2019 GDI+ memory corruption
11650| [137512] Microsoft Windows up to Server 2019 DHCP memory corruption
11651| [136414] Microsoft Azure DevOps Server 2019 cross site request forgery
11652| [136349] Microsoft Windows up to Server 2019 Event Viewer eventvwr.msc XML External Entity
11653| [136348] Microsoft Windows up to Server 2019 Task Scheduler privilege escalation
11654| [136347] Microsoft Windows up to Server 2019 AppXSVC privilege escalation
11655| [136345] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
11656| [136344] Microsoft Windows up to Server 2019 GDI information disclosure
11657| [136340] Microsoft Windows up to Server 2019 GDI information disclosure
11658| [136337] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
11659| [136336] Microsoft Windows up to Server 2019 Kernel privilege escalation
11660| [136335] Microsoft Windows up to Server 2019 NTLM Downgrade weak authentication
11661| [136334] Microsoft Windows up to Server 2019 Kernel information disclosure
11662| [136333] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
11663| [136330] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
11664| [136329] Microsoft SharePoint Server 2016/2019 cross site scripting
11665| [136328] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
11666| [136327] Microsoft Lync Server 2010/2013 denial of service
11667| [136326] Microsoft Windows up to Server 2019 Audio Service privilege escalation
11668| [136325] Microsoft Windows up to Server 2019 Audio Service privilege escalation
11669| [136324] Microsoft Windows up to Server 2019 Audio Service privilege escalation
11670| [136323] Microsoft Windows up to Server 2019 denial of service
11671| [136321] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Audio Service privilege escalation
11672| [136320] Microsoft Windows up to Server 2019 Audio Service privilege escalation
11673| [136319] Microsoft Windows up to Server 2019 Security Credentials information disclosure
11674| [136318] Microsoft Windows up to Server 2019 DirectX privilege escalation
11675| [136317] Microsoft Windows up to Server 2019 Win32k memory corruption
11676| [136314] Microsoft Windows up to Server 2019 Win32k memory corruption
11677| [136312] Microsoft Windows up to Server 2019 GDI information disclosure
11678| [136310] Microsoft Windows up to Server 2019 GDI information disclosure
11679| [136308] Microsoft Windows up to Server 2019 Audio Service privilege escalation
11680| [136306] Microsoft Windows up to Server 2019 Storage Service privilege escalation
11681| [136305] Microsoft Windows up to Server 2019 User Profile Service privilege escalation
11682| [136304] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
11683| [136303] Microsoft Windows up to Server 2019 Storage Service privilege escalation
11684| [136301] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11685| [136299] Microsoft Windows up to Server 2019 Local Security Authority Subsystem Service Reboot denial of service
11686| [136296] Microsoft Windows up to Server 2019 Common Log File System Driver memory corruption
11687| [136295] Microsoft Windows up to Server 2019 ALPC privilege escalation
11688| [136293] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11689| [136292] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11690| [136291] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11691| [136290] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11692| [136289] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11693| [136288] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11694| [136287] Microsoft Windows up to Server 2019 Hyper-V denial of service
11695| [136286] Microsoft Windows up to Server 2019 Hyper-V denial of service
11696| [136285] Microsoft Windows up to Server 2019 Hyper-V denial of service
11697| [136284] Microsoft Windows up to Server 2019 Kernel memory corruption
11698| [136276] Microsoft Windows up to Server 2019 Hyper-V memory corruption
11699| [136275] Microsoft Windows 10/10 1607/10 1703/10 1709/Server 2016 Hyper-V memory corruption
11700| [136274] Microsoft Windows up to Server 2019 ActiveX memory corruption
11701| [136273] Microsoft Windows up to Server 2019 Hyper-V memory corruption
11702| [134750] Microsoft ASP.NET Core 2.1/2.2 denial of service
11703| [134745] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
11704| [134744] Microsoft Windows up to Server 2019 GDI information disclosure
11705| [134743] Microsoft SharePoint Server 2013 SP1/2016 cross site scripting
11706| [134742] Microsoft SharePoint Enterprise Server 2016/2019 cross site scripting
11707| [134741] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
11708| [134740] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
11709| [134739] Microsoft SharePoint Foundation 2010 SP2/2013 SP2 cross site scripting
11710| [134738] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
11711| [134737] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
11712| [134736] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
11713| [134735] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
11714| [134734] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
11715| [134733] Microsoft Windows up to Server 2019 Unified Write Filter privilege escalation
11716| [134731] Microsoft Windows up to Server 2019 Symlink privilege escalation
11717| [134729] Microsoft Windows up to Server 2019 Storage Service privilege escalation
11718| [134725] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11719| [134724] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11720| [134723] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11721| [134722] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11722| [134721] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11723| [134720] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11724| [134719] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11725| [134718] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11726| [134717] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11727| [134716] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11728| [134715] Microsoft Windows up to Server 2019 Win32k memory corruption
11729| [134714] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11730| [134713] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11731| [134712] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11732| [134710] Microsoft Windows up to Server 2019 GDI information disclosure
11733| [134709] Microsoft Windows up to Server 2019 Kernel privilege escalation
11734| [134706] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
11735| [134701] Microsoft Windows up to Server 2019 Windows Defender Application Control privilege escalation
11736| [134700] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
11737| [134699] Microsoft Windows up to Server 2019 NDIS ndis.sys memory corruption
11738| [134698] Microsoft Windows up to Server 2019 OLE memory corruption
11739| [134684] Microsoft Windows up to Server 2019 DHCP Server memory corruption
11740| [134678] Microsoft Windows up to Server 2019 GDI+ memory corruption
11741| [133236] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11742| [133234] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11743| [133232] Microsoft Azure DevOps Server 2019 cross site scripting
11744| [133229] Microsoft Azure DevOps Server 2019 cross site scripting
11745| [133224] Microsoft Exchange Server 2013 CU22/2016 CU11/2016 CU12/2019/2019 CU1 Outlook Web Access privilege escalation
11746| [133223] Microsoft Azure DevOps Server 2019 Content Security Policy privilege escalation
11747| [133222] Microsoft Windows up to Server 2019 Remote Registry Service memory corruption
11748| [133221] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11749| [133220] Microsoft Windows up to Server 2019 GDI Memory information disclosure
11750| [133219] Microsoft Windows up to Server 2019 Win32k Memory information disclosure
11751| [133218] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11752| [133217] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11753| [133216] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
11754| [133215] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
11755| [133214] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
11756| [133213] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
11757| [133212] Microsoft Windows up to Server 2019 Terminal Services Memory information disclosure
11758| [133211] Microsoft Windows up to Server 2019 Task Scheduler information disclosure
11759| [133209] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
11760| [133206] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
11761| [133205] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
11762| [133204] Microsoft Office/Excel up to 2019 memory corruption
11763| [133203] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
11764| [133202] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
11765| [133201] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
11766| [133200] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
11767| [133199] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
11768| [133198] Microsoft Exchange Server up to 2019 CU1 Outlook Web Access cross site scripting
11769| [133197] Microsoft ASP.NET Core 2.2 Request denial of service
11770| [133196] Microsoft Windows up to Server 2019 Win32k information disclosure
11771| [133195] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
11772| [133194] Microsoft Windows up to Server 2019 GDI Memory information disclosure
11773| [133193] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
11774| [133192] Microsoft Windows up to Server 2019 OLE Automation privilege escalation
11775| [133189] Microsoft Windows up to Server 2019 CSRSS memory corruption
11776| [133188] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
11777| [133187] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
11778| [133186] Microsoft Windows up to Server 2019 TCP/IP Stack Fragmented IP Packet information disclosure
11779| [133185] Microsoft Windows up to Server 2019 Win32k memory corruption
11780| [133183] Microsoft Windows up to Server 2019 Win32k memory corruption
11781| [133182] Microsoft Windows up to Server 2019 Win32k memory corruption
11782| [133181] Microsoft Office/Excel/PowerPoint up to 2019 URL Document Code Execution
11783| [133180] Microsoft Windows up to Server 2019 MS XML Code Execution
11784| [133179] Microsoft Windows up to Server 2019 MS XML Code Execution
11785| [133177] Microsoft Windows up to Server 2019 Device Guard luafv.sys privilege escalation
11786| [133174] Microsoft Windows up to Server 2019 GDI+ privilege escalation
11787| [133173] Microsoft Windows up to Server 2019 IOleCvt Interface privilege escalation
11788| [133166] Microsoft Windows up to Server 2019 MS XML Code Execution
11789| [133165] Microsoft Windows up to Server 2019 MS XML Code Execution
11790| [133164] Microsoft Windows up to Server 2019 MS XML Code Execution
11791| [133163] Microsoft Windows up to Server 2019 MS XML Code Execution
11792| [133162] Microsoft Windows up to Server 2019 MS XML Code Execution
11793| [131687] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 3.2/2018 Updated 1.2 cross site scripting
11794| [131685] Microsoft Windows up to Server 2019 SMB information disclosure
11795| [131684] Microsoft Visual Studio 2017 Version 15.9 C++ Redistributable Installer privilege escalation
11796| [131681] Microsoft Windows up to Server 2019 Win32k memory corruption
11797| [131679] Microsoft Windows up to Server 2019 Kernel information disclosure
11798| [131675] Microsoft SharePoint 2013 SP1/2016 cross site scripting
11799| [131674] Microsoft Windows up to Server 2019 Win32k information disclosure
11800| [131673] Microsoft Windows up to Server 2019 Kernel information disclosure
11801| [131672] Microsoft Windows up to Server 2019 GDI information disclosure
11802| [131671] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
11803| [131668] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
11804| [131667] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
11805| [131663] Microsoft Windows up to Server 2019 Print Spooler information disclosure
11806| [131658] Microsoft Windows up to Server 2019 information disclosure
11807| [131657] Microsoft Windows up to Server 2019 denial of service
11808| [131656] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
11809| [131653] Microsoft Windows up to Server 2019 SMB information disclosure
11810| [131652] Microsoft Windows up to Server 2019 SMB information disclosure
11811| [131651] Microsoft Windows up to Server 2019 Kernel information disclosure
11812| [131650] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V denial of service
11813| [131649] Microsoft Windows up to Server 2019 Kernel memory corruption
11814| [131648] Microsoft Windows up to Server 2019 Hyper-V denial of service
11815| [131644] Microsoft Windows up to Server 2019 Hyper-V denial of service
11816| [131638] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11817| [131632] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
11818| [131631] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
11819| [131630] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
11820| [131629] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
11821| [131628] Microsoft Windows up to Server 2019 ActiveX memory corruption
11822| [131619] Microsoft Windows up to Server 2019 MS XML privilege escalation
11823| [131334] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
11824| [131333] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
11825| [131328] Microsoft Windows up to Server 2016 Kernel information disclosure
11826| [130832] Microsoft 2013 SP1 spoofing
11827| [130828] Microsoft Exchange Server 2010 SP3/2013 CU22/2016 CU12/2019 CU1 EWS privilege escalation
11828| [130826] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
11829| [130825] Microsoft Office up to 2019 Connectivity Engine memory corruption
11830| [130824] Microsoft Office up to 2019 Connectivity Engine memory corruption
11831| [130823] Microsoft Office up to 2019 Connectivity Engine privilege escalation
11832| [130822] Microsoft Office up to 2019 Connectivity Engine privilege escalation
11833| [130821] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
11834| [130820] Microsoft Windows up to Server 2012 R2 GDI information disclosure
11835| [130818] Microsoft Windows up to Server 2019 GDI information disclosure
11836| [130817] Microsoft Windows up to Server 2019 Storage Service privilege escalation
11837| [130814] Microsoft Windows up to Server 2019 privilege escalation
11838| [130809] Microsoft Windows up to Server 2019 Defender Firewall Security privilege escalation
11839| [130808] Microsoft Windows up to Server 2019 information disclosure
11840| [130807] Microsoft Windows up to Server 2019 Hyper-V information disclosure
11841| [130806] Microsoft Windows up to Server 2019 SMB privilege escalation
11842| [130805] Microsoft Windows up to Server 2019 Device Guard privilege escalation
11843| [130804] Microsoft Windows up to Server 2019 Device Guard privilege escalation
11844| [130803] Microsoft Windows up to Server 2019 SMB privilege escalation
11845| [130802] Microsoft Windows up to Server 2019 Win32k information disclosure
11846| [130801] Microsoft Windows up to Server 2019 Device Guard privilege escalation
11847| [130800] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
11848| [130799] Microsoft Windows up to Server 2016 Win32k memory corruption
| [130798] Microsoft Windows up to Server 2019 GDI information disclosure
| [130797] Microsoft Windows up to Server 2019 GDI information disclosure
| [130796] Microsoft Windows up to Server 2019 GDI information disclosure
| [130793] Microsoft Windows up to Server 2019 GDI information disclosure
| [130792] Microsoft Windows up to Server 2019 HID information disclosure
| [130791] Microsoft Windows up to Server 2019 HID information disclosure
| [130790] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130789] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130788] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130787] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130786] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130784] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [130782] Microsoft Windows up to Server 2019 DHCP Server memory corruption
| [130781] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [129847] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 1.2/2018 Update 3.2 information disclosure
| [129846] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
| [129845] Microsoft Skype for Business 2015 CU 8 Request cross site scripting
| [128765] Microsoft Visual Studio 2017 Version 15.9 C++ Construct privilege escalation
| [128764] Microsoft Exchange Server 2010 SP3/2013 CU21/2016 CU10/2016 CU11/2019 PowerShell API information disclosure
| [128761] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128760] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128759] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128758] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128757] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128756] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128755] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128754] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128753] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128752] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128751] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128750] Microsoft Windows up to Server 2019 Runtime privilege escalation
| [128749] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128747] Microsoft ASP.NET Core 2.1 Web Request denial of service
| [128746] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [128745] Microsoft Office up to 2019 Word Macro information disclosure
| [128742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [128741] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [128740] Microsoft SharePoint Enterprise Server 2013 SP1 cross site scripting
| [128739] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128738] Microsoft Windows up to Server 2019 Subsystem for Linux information disclosure
| [128737] Microsoft Windows up to Server 2019 COM Desktop Broker privilege escalation
| [128736] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128735] Microsoft ASP.NET Core 2.1/2.2 Web Request denial of service
| [128733] Microsoft Windows up to Server 2019 Authentication Request privilege escalation
| [128729] Microsoft Visual Studio 2010 SP1/2012 Update 5 vscontent File information disclosure
| [128728] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128727] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128726] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128725] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128718] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [128717] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V memory corruption
| [127925] Microsoft SharePoint Enterprise Server 2016 Web Request cross site scripting
| [127882] Microsoft Dynamics NAV 2016/2017 Web Request cross site scripting
| [127881] Microsoft Windows 10 1809/Server 2019 Object denial of service
| [127880] Microsoft Windows up to Server 2019 Win32k Object memory corruption
| [127828] Microsoft Windows up to Server 2019 Win32k memory corruption
| [127827] Microsoft Windows 10 1809/Server 2019 DirectX information disclosure
| [127826] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Win32k ASLR privilege escalation
| [127825] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 privilege escalation
| [127824] Microsoft Excel up to 2019 Out-of-Bounds memory corruption
| [127823] Microsoft Windows up to Server 2012 R2 Kernel information disclosure
| [127821] Microsoft Windows up to Server 2019 Connected User Experiences and Telemetry Service denial of service
| [127820] Microsoft Windows up to Server 2019 Kernel memory corruption
| [127819] Microsoft Exchange Server 2016 CU10/2016 CU11 Profile Data privilege escalation
| [127817] Microsoft Excel up to 2019 information disclosure
| [127816] Microsoft Windows up to Server 2019 GDI information disclosure
| [127815] Microsoft Windows up to Server 2019 GDI information disclosure
| [127814] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 Search cross site request forgery
| [127812] Microsoft Windows up to Server 2019 Remote Procedure Call information disclosure
| [127806] Microsoft Outlook up to 2019 memory corruption
| [127805] Microsoft Excel up to 2019 memory corruption
| [127804] Microsoft Excel up to 2019 memory corruption
| [127803] Microsoft Windows up to Server 2019 Text-To-Speech memory corruption
| [127801] Microsoft Windows up to Server 2019 DNS Server privilege escalation
| [126938] Microsoft Team Foundation Server 2018 Update 1.1/2018 Update 3 Code Execution
| [126755] Microsoft .NET Core 2.1 privilege escalation
| [126754] Microsoft Skype for Business/Lync Server 2013 SP1/2016 Emoji denial of service
| [126750] Microsoft Windows up to Server 2019 ALPC privilege escalation
| [126749] Microsoft Exchange Server 2010/2013/2016/2019 privilege escalation
| [126747] Microsoft SharePoint Enterprise Server 2013 SP1 Folder information disclosure
| [126746] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [126745] Microsoft Project 2010 SP2/2013 SP1/2016 memory corruption
| [126744] Microsoft Office up to 2019 Word memory corruption
| [126743] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [126742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [126739] Microsoft Windows up to Server 2012 R2 Win32k information disclosure
| [126737] Microsoft Windows up to Server 2012 R2 DirectX information disclosure
| [126736] Microsoft Windows up to Server 2019 Win32k memory corruption
| [126735] Microsoft Windows up to Server 2019 DirectX privilege escalation
| [126733] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DirectX memory corruption
| [126730] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
| [126728] Microsoft Office/SharePoint 2010 SP2 Word memory corruption
| [126727] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [126726] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [126725] Microsoft Windows up to Server 2019 DirectX memory corruption
| [126722] Microsoft Windows up to Server 2019 PowerShell privilege escalation
| [126718] Microsoft Windows up to Server 2016 Search memory corruption
| [126717] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 memory corruption
| [126716] Microsoft Office up to 2019 Excel memory corruption
| [126714] Microsoft Windows up to Server 2019 PowerShell unknown vulnerability
| [126713] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
| [126712] Microsoft Windows up to Server 2016 Graphics Component memory corruption
| [126711] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
| [125123] Microsoft Windows up to Server 2019 Codecs Library information disclosure
| [125122] Microsoft Windows up to Server 2016 TCP/IP information disclosure
| [125121] Microsoft Windows up to Server 2019 DirectX memory corruption
| [125120] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
| [125119] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
| [125116] Microsoft Exchange Server 2013 CU21/2016 CU10 privilege escalation
| [125115] Microsoft Windows up to Server 2019 Theme API privilege escalation
| [125114] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
| [125113] Microsoft Windows up to Server 2019 Kernel memory corruption
| [125111] Microsoft Windows up to Server 2019 Device Guard Code Integrity Policy privilege escalation
| [125110] Microsoft Windows up to Server 2019 DNS Global Blocklist privilege escalation
| [125109] Microsoft Windows up to Server 2019 NTFS privilege escalation
| [125108] Microsoft Windows up to Server 2019 Filter Manager memory corruption
| [125107] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125104] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [125102] Microsoft Office/Word 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
| [125100] Microsoft Office/PowerPoint 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
| [125099] Microsoft Office/Excel up to 2019 Protected View memory corruption
| [125098] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [125097] Microsoft Windows up to Server 2019 DirectX Graphics memory corruption
| [125096] Microsoft Windows up to Server 2019 Win32k memory corruption
| [125095] Microsoft Exchange Server 2013 CU21/2016 CU10 Outlook Web Access cross site scripting
| [125093] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [125092] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [125091] Microsoft Windows up to Server 2019 MS XML privilege escalation
| [124371] Microsoft Exchange Server up to 2010 SP3 Outlook Web Access /owa/auth/logon.aspx Parameter Server-Side Request Forgery
| [124217] Microsoft Windows Server 2012/Server 2016 Active Directory Federation Services /adfs/ls Server-Side Request Forgery
| [123995] Microsoft Lync 2011 on Mac Security Feature Messages Download privilege escalation
| [123881] Microsoft Windows up to Server 2016 Sandbox privilege escalation
| [123874] Microsoft Windows up to Server 2016 Kernel information disclosure
| [123872] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 SMB information disclosure
| [123868] Microsoft Windows up to Server 2016 Hyper-V denial of service
| [123864] Microsoft Windows up to Server 2016 Hyper-V information disclosure
| [123862] Microsoft SharePoint Enterprise Server 2010 SP2/2013 RT SP1/2013 SP1/2016 cross site scripting
| [123861] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [123860] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [123859] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
| [123851] Microsoft Windows up to Server 2016 ALPC privilege escalation
| [123849] Microsoft Windows up to Server 2016 SMB denial of service
| [123846] Microsoft Office 2016 on Win/Mac memory corruption
| [123844] Microsoft Word 2013 RT SP1/2013 SP1/2016 PDF File memory corruption
| [123843] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [123842] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [123830] Microsoft Windows up to Server 2016 Hyper-V memory corruption
| [123828] Microsoft Windows up to Server 2016 Win32k Graphics privilege escalation
| [123827] Microsoft Windows up to Server 2016 Image memory corruption
| [123825] Microsoft Windows up to Server 2016 MSXML Parser privilege escalation
| [123823] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
| [122887] Microsoft Office 2016 on Mac AutoUpdate memory corruption
| [122886] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122885] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122884] Microsoft Windows up to Server 2016 Win32k memory corruption
| [122883] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122875] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [122874] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [122873] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [122871] Microsoft PowerPoint 2010 SP2 memory corruption
| [122870] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [122861] Microsoft Windows up to Server 2016 Microsoft COM for Windows privilege escalation
| [122850] Microsoft Visual Studio 2015 Update 3/2017/2017 Version 15.8 Diagnostic Hub privilege escalation
| [122849] Microsoft Windows up to Server 2016 Diagnostic Hub privilege escalation
| [122848] Microsoft Windows Security Feature 2FA weak authentication
| [122834] Microsoft Windows up to Server 2016 LNK memory corruption
| [122825] Microsoft Windows up to Server 2016 Graphics memory corruption
| [122823] Microsoft SQL Server 2016 SP1/2016 SP2/2017 memory corruption
| [121208] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R Attachment privilege escalation
| [121118] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [121116] Microsoft Windows up to Server 2016 Sandbox privilege escalation
| [121114] Microsoft Access 2013 SP1/2016/2016 C2R memory corruption
| [121111] Microsoft Windows up to Server 2016 Kernel memory corruption
| [121110] Microsoft Windows up to Server 2016 Wordpad privilege escalation
| [121107] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll denial of service
| [121106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
| [121105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [121098] Microsoft Office 2016/2016 C2R memory corruption
| [121092] Microsoft Windows up to Server 2016 FTP Server denial of service
| [121090] Microsoft Visual Studio up to 2017 Version 15.8 Preview privilege escalation
| [119479] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [119477] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
| [119476] Microsoft Publisher 2010 SP2 OLE Object PUB File privilege escalation
| [119475] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Attachment privilege escalation
| [119474] Microsoft Windows up to Server 2016 GDI information disclosure
| [119470] Microsoft Windows up to Server 2016 HTTP HTTP.sys denial of service
| [119468] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119467] Microsoft Windows up to Server 2016 Hypervisor privilege escalation
| [119465] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119464] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119463] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119461] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119460] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119459] Microsoft Windows up to Server 2016 memory corruption
| [119457] Microsoft Windows up to Server 2016 Desktop Bridge privilege escalation
| [119456] Microsoft Windows up to Server 2016 Kernel information disclosure
| [119455] Microsoft Windows up to Server 2016 denial of service
| [119454] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119452] Microsoft Windows up to Server 2016 HIDParser memory corruption
| [119448] Microsoft Windows up to Server 2016 Code Integrity Module denial of service
| [119447] Microsoft Windows up to Server 2016 NTFS privilege escalation
| [119441] Microsoft Windows up to Server 2016 Media Foundation memory corruption
| [119437] Microsoft Windows up to Server 2016 HTTP Protocol Stack Http.sys memory corruption
| [119436] Microsoft Windows up to Server 2016 memory corruption
| [119431] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
| [118120] Microsoft Office 2016 on Mac XML Data Code Execution
| [117561] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1 Web Request cross site scripting
| [117560] Microsoft Exchange Server up to 2016 CU9 Code Execution memory corruption
| [117559] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access Web Request cross site scripting
| [117558] Microsoft Windows up to Server 2016 Code Execution memory corruption
| [117507] Microsoft Infopath 2013 SP1 memory corruption
| [117505] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [117504] Microsoft Office 2010 SP2 information disclosure
| [117503] Microsoft Exchange Server 2013 CU19/2013 CU20/2016 CU8/2016 CU9 Outlook Web Access cross site scripting
| [117502] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
| [117501] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [117500] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access cross site scripting
| [117499] Microsoft Exchange Server up to 2016 CU9 information disclosure
| [117498] Microsoft Office 2016 C2R Security Feature privilege escalation
| [117497] Microsoft SharePoint Enterprise Server 2010/2013 SP1/2016 cross site scripting
| [117480] Microsoft Windows up to Server 2016 COM Serialized privilege escalation
| [117473] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117472] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117471] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117470] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117469] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117468] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117444] Microsoft Windows up to Server 2016 Hyper-V vSMB memory corruption
| [117443] Microsoft Windows up to Server 2016 Hyper-V memory corruption
| [117442] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
| [116132] Microsoft Office 2016 Memory information disclosure
| [116051] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [116050] Microsoft SharePoint Enterprise Server 2010 SP2/2013/2016 cross site scripting
| [116049] Microsoft SharePoint Enterprise Server 2013/2016 privilege escalation
| [116048] Microsoft Windows up to Server 2016 DirectX Graphics Kernel Subsystem memory corruption
| [116047] Microsoft Windows up to Server 2016 OpenType Font Driver atmfd.dll memory corruption
| [116046] Microsoft SharePoint Enterprise Server 2013/2016 Share cross site scripting
| [116045] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [116039] Microsoft Windows up to Server 2016 Remote Desktop Protocol denial of service
| [116031] Microsoft Windows up to Server 2016 Kernel ASLR information disclosure
| [116030] Microsoft Windows up to Server 2016 SNMP Service denial of service
| [116026] Microsoft Windows up to Server 2016 Kernel information disclosure
| [116024] Microsoft Windows up to Server 2016 HTTP.sys denial of service
| [116023] Microsoft Office up to 2016 C2R information disclosure
| [116022] Microsoft Excel 2010 SP2 memory corruption
| [116020] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Active Directory privilege escalation
| [116019] Microsoft Windows up to Server 2016 Kernel information disclosure
| [116018] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [116017] Microsoft Excel up to 2016 C2R memory corruption
| [116016] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Graphics memory corruption
| [116014] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [116013] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1 memory corruption
| [116008] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116007] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116006] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116005] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116004] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116003] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
| [115994] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [115804] Microsoft Windows up to Server 2016 Malware Protection Engine privilege escalation
| [114579] Microsoft Exchange Server up to 2017 CU8 Outlook Web Access information disclosure
| [114574] Microsoft SharePoint Enterprise Server 2016 privilege escalation
| [114573] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114571] Microsoft Exchange Server 2016 CU7/2016 CU8 Outlook Web Access information disclosure
| [114570] Microsoft Exchange Server 2010 SP3/2013 CU18/2013 CU19/2016 CU7/2016 CU8 Outlook Web Access Fake privilege escalation
| [114565] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Kernel information disclosure
| [114564] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [114562] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114560] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114559] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114558] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114557] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114556] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114555] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114554] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114553] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114552] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114551] Microsoft Excel up to 2016 C2R Security Feature privilege escalation
| [114549] Microsoft Access 2010 SP2/2013 SP1/2016 memory corruption
| [114548] Microsoft Windows up to Server 2016 CNG Security Feature cng.sys privilege escalation
| [114547] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114546] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114545] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114544] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114543] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114542] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114541] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114540] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114536] Microsoft Windows up to Server 2016 CredSSP privilege escalation
| [114535] Microsoft Windows up to Server 2016 Hyper-V denial of service
| [114531] Microsoft Windows up to Server 2016 Windows Installer privilege escalation
| [114530] Microsoft Windows up to Server 2016 GDI privilege escalation
| [114529] Microsoft Windows up to Server 2016 GDI privilege escalation
| [114527] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114526] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114525] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114522] Microsoft Windows 10 1607/10 1703/Server 2016 Desktop Bridge privilege escalation
| [114521] Microsoft Windows up to Server 2016 Video Control privilege escalation
| [114520] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge privilege escalation
| [114518] Microsoft Windows up to Server 2016 Remote Assistance information disclosure
| [114517] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge VFS privilege escalation
| [114516] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
| [113835] Microsoft Identity Manager 2016 SP1 cross site scripting
| [113264] Microsoft Windows 8.1/RT 8.1/Server 2012 R2 SMBv2/SMBv3 denial of service
| [113260] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113259] Microsoft Windows 10/Server 1709/Server 2016 NTFS privilege escalation
| [113254] Microsoft Windows up to Server 2016 Kernel information disclosure
| [113253] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
| [113252] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113250] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
| [113249] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113248] Microsoft Windows up to Server 2016 Kernel information disclosure
| [113243] Microsoft Windows 10/Server 2016 MultiPoint Management privilege escalation
| [113242] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
| [113241] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
| [113240] Microsoft Windows 10/Server 1709/Server 2016 AppContainer privilege escalation
| [113237] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [113236] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [113233] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Uninitialized Memory information disclosure
| [113232] Microsoft Excel 2016 memory corruption
| [113230] Microsoft Windows up to Server 2016 Scripting Engine information disclosure
| [113229] Microsoft Windows up to Server 2016 StructuredQuery memory corruption
| [111580] Microsoft Office 2016 on Mac Email Attachment spoofing
| [111571] Microsoft SharePoint Enterprise Server 2013/2016 Access cross site scripting
| [111567] Microsoft Office 2010/2013/2016 memory corruption
| [111564] Microsoft Word 2016 memory corruption
| [111562] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
| [111561] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
| [128730] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [111358] Microsoft Windows up to Server 2016 IPsec denial of service
| [110553] Microsoft Office 2016 C2R information disclosure
| [110552] Microsoft SharePoint Enterprise Server 2016 Web Request privilege escalation
| [110551] Microsoft Excel 2016 C2R memory corruption
| [110550] Microsoft PowerPoint 2013 RT SP1/2013 SP1/2016 information disclosure
| [110549] Microsoft Exchange Server 2016 CU6/2016 CU7 Outlook Web Access privilege escalation
| [110547] Microsoft Windows up to Server 2016 its:// Protocol information disclosure
| [110531] Microsoft Windows 10/Server 2016 Device Guard privilege escalation
| [110522] Microsoft Windows up to Server 2016 RRAS privilege escalation
| [110350] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [110318] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [109391] Microsoft SharePoint Enterprise Server 2016 Project Server cross site request forgery
| [109389] Microsoft Excel 2016 Click-to-Run memory corruption
| [109360] Microsoft Windows up to Server 2016 Windows Search denial of service
| [107759] Microsoft Windows up to Server 2016 SMB denial of service
| [107757] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [107756] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [107753] Microsoft Windows 10/Server 2016 SMB privilege escalation
| [107744] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
| [107741] Microsoft Outlook 2016 Secure Connection Mail information disclosure
| [107740] Microsoft Windows up to Server 2016 Graphics memory corruption
| [107739] Microsoft Windows up to Server 2016 Graphics memory corruption
| [107738] Microsoft Windows up to Server 2016 Search information disclosure
| [107734] Microsoft Windows 10/Server 2016 SMB privilege escalation
| [107732] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Bypass privilege escalation
| [107730] Microsoft Windows up to Server 2016 Search Remote memory corruption
| [107729] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107728] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107727] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107724] Microsoft Windows up to Server 2016 Text Services Framework memory corruption
| [107723] Microsoft Windows up to Server 2016 SMB information disclosure
| [107698] Microsoft Office 2016 memory corruption
| [107593] InFocus Mondopad 2.2.08 Excel Spreadsheet Microsoft Office Document Credentials information disclosure
| [106544] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
| [106531] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [106529] Microsoft PowerPoint 2016 memory corruption
| [106523] Microsoft Windows up to Server 2016 PDF Library memory corruption
| [106518] Microsoft Edge on Win10/Server 2016 memory corruption
| [106516] Microsoft Windows up to Server 2016 PDF Library memory corruption
| [106498] Microsoft Windows up to Server 2016 Shell privilege escalation
| [106496] Microsoft Windows up to Server 2016 Uniscribe information disclosure
| [106495] Microsoft Windows up to Server 2012 R2 Uniscribe memory corruption
| [106492] Microsoft Windows Server 2012/Server 2012 R2/Server 2016 DHCP Service memory corruption
| [106489] Microsoft Windows up to Server 2016 Graphics Win32k win32k!fsc_CalcGrayRow memory corruption
| [106474] Microsoft Office 2016 memory corruption
| [106473] Microsoft SharePoint Server 2013 SP1 cross site scripting
| [106472] Microsoft Windows up to Server 2016 Bluetooth Driver Object BlueBorne spoofing
| [106470] Microsoft Excel 2011 on Mac memory corruption
| [106455] Microsoft Exchange Server 2013/2016 information disclosure
| [106454] Microsoft Windows up to Server 2016 Windows NetBT Session Services race condition memory corruption
| [105048] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
| [105047] Microsoft Edge on Win10/Server 2016 Scripting Engine EntryCall memory corruption
| [105046] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105040] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
| [105038] Microsoft Edge on Win10/Server 2016 Javascript Engine Out-of-Bounds memory corruption
| [105037] Microsoft Edge on Win10/Server 2016 Javascript Engine PreVisitCatch memory corruption
| [105035] Microsoft SharePoint Server 2010 SP2 cross site scripting
| [105033] Microsoft Edge 38.14393.1066.0 on Win10/Server 2016 Use-After-Free information disclosure
| [105029] Microsoft Edge on Win10/Server 2016 Javascript Engine ProcessLinkFailedAsmJsModule memory corruption
| [105027] Microsoft Edge on Win10/Server 2016 _SelectValueInternal information disclosure
| [105024] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105023] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105017] Microsoft Windows up to Server 2016 Error Reporting information disclosure
| [105013] Microsoft Windows 10 1607/10 1703/Server 2016 Hyper-V denial of service
| [105011] Microsoft Windows up to Server 2016 Windows Search memory corruption
| [105010] Microsoft Windows up to Server 2016 Win32k memory corruption
| [105009] Microsoft Windows up to Server 2016 Input Method Editor memory corruption
| [105008] Microsoft SQL Server 2012/2014/2016 Analysis Services information disclosure
| [104990] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
12249| [104989] Microsoft Windows up to Server 2016 NetBIOS denial of service
12250| [104584] Microsoft Outlook up to 2016 C2R Document File privilege escalation
12251| [104583] Microsoft Outlook up to 2016 C2R Email memory corruption
12252| [104582] Microsoft Outlook up to 2016 C2R Object memory corruption
12253| [103468] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 Open Redirect
12254| [103446] Microsoft Windows up to Server 2016 Search Object privilege escalation
12255| [103445] Microsoft Windows up to Server 2016 Wordpad privilege escalation
12256| [103444] Microsoft Windows up to Server 2016 Explorer denial of service
12257| [103442] Microsoft Windows 10/Server 2016 HoloLens WiFi Packet privilege escalation
12258| [103441] Microsoft Windows up to Server 2016 Object HTTP.sys information disclosure
12259| [103431] Microsoft Windows up to Server 2016 PowerShell PSObject Object privilege escalation
12260| [103429] Microsoft Windows up to Server 2016 Kerberos weak authentication
12261| [103426] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
12262| [103425] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
12263| [103420] Microsoft Windows up to Server 2016 Kerberos Bypass privilege escalation
12264| [103417] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
12265| [102544] Microsoft Edge on Win10/Server 2016 Fetch API information disclosure
12266| [102543] Microsoft Edge on Win10/Server 2016 Javascript XML DOM Object information disclosure
12267| [102463] Microsoft Project Server 2013 SP1 cross site scripting
12268| [102460] Microsoft Outlook 2016 on Mac HTML spoofing
12269| [102448] Microsoft SharePoint Enterprise Server 2016 Reflected cross site scripting
12270| [102446] Microsoft Office up to 2016 privilege escalation
12271| [102445] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 privilege escalation
12272| [102443] Microsoft Office up to 2016 privilege escalation
12273| [102412] Microsoft Windows up to Server 2016 PDF information disclosure
12274| [102397] Microsoft Outlook 2010 SP1/2013 SP1/2016 DLL Loader privilege escalation
12275| [102396] Microsoft Office 2013 SP1/2016 DLL Loader privilege escalation
12276| [102386] Microsoft Windows up to Server 2012 R2 Uniscribe privilege escalation
12277| [102385] Microsoft Windows up to Server 2016 Font Library privilege escalation
12278| [102376] Microsoft Windows up to Server 2016 CAB File privilege escalation
12279| [102375] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
12280| [102374] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
12281| [102373] Microsoft Windows up to Server 2016 Uniscribe Font USP10!MergeLigRecords memory corruption
12282| [101817] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
12283| [101816] Microsoft Windows up to Server 2016 Malware Protection Engine setCaller memory corruption
12284| [101815] Microsoft Windows up to Server 2016 Malware Protection Engine Use-After-Free memory corruption
12285| [101814] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
12286| [101813] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
12287| [101812] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
12288| [101811] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
12289| [101810] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
12290| [101028] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
12291| [101020] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
12292| [101019] Microsoft Skype for Business 2016 memory corruption
12293| [101018] Microsoft SharePoint 2010 SP2/2013 SP1/2016 memory corruption
12294| [101016] Microsoft PowerPoint 2011 on Mac memory corruption
12295| [101015] Microsoft PowerPoint 2011 on Mac memory corruption
12296| [101014] Microsoft Office 2010 SP2/2016 memory corruption
12297| [101013] Microsoft Office 2010 SP2/2016 memory corruption
12298| [101002] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
12299| [101001] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
12300| [101000] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
12301| [100999] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
12302| [100918] Microsoft Windows 8/8.1/10/Server 2012/Server 2016 Malware Protection Service Type Confusion privilege escalation
12303| [99697] Microsoft SharePoint Server 2010 SP1/2010 SP2 Excel Services cross site scripting
12304| [99683] Microsoft Windows 10 1607/10 1703/Server 2012 R2/Server 2016 Active Directory Lockout privilege escalation
12305| [99682] Microsoft Outlook 2011 on Mac HTML Tag Validator spoofing
12306| [99681] Microsoft Windows up to Server 2016 OLE Integrity-Level Check privilege escalation
12307| [99667] Microsoft Windows 10/Server 2016 Active Directory Service Unresponsive denial of service
12308| [98272] Microsoft Windows up to 10/Server 2016 Local Session privilege escalation
12309| [98096] Microsoft Exchange 2013 SP1 privilege escalation
12310| [98095] Microsoft Lync for Mac 2011 Certificate Validation weak authentication
12311| [98094] Microsoft SharePoint Server 2013 SP1 cross site scripting
12312| [98093] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
12313| [98091] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
12314| [98090] Microsoft SharePoint Server 2010 SP2/2013 SP1 information disclosure
12315| [98089] Microsoft Office Web Apps 2013 SP1 memory corruption
12316| [98082] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 denial of service
12317| [98081] Microsoft Excel up to 2016 information disclosure
12318| [98080] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
12319| [98079] Microsoft Word 2016 memory corruption
12320| [98076] Microsoft Lync/Skype for Business 2010/2013/2016 Graphics Component privilege escalation
12321| [98075] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
12322| [98074] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
12323| [98073] Microsoft Office 2010 SP2/Word Viewer Graphics Component information disclosure
12324| [98069] Microsoft Windows up to Server 2012 R2 Color Management memory corruption
12325| [98056] Microsoft Windows up to Server 2016 DNS Query information disclosure
12326| [98054] Microsoft Windows up to Server 2016 SMBv2/SMBv3 NULL Pointer Dereference memory corruption
12327| [98017] Microsoft Windows up to Server 2016 PDF memory corruption
12328| [98015] Microsoft Windows 10/Server 2016 Hyper-V denial of service
12329| [98013] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
12330| [98007] Microsoft Windows 10/Server 2016 Hyper-V Network Switch denial of service
12331| [98006] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
12332| [96521] Microsoft Windows 8.1/10/Server 2012/Server 2016 SMB Response mrxsmb20.sys denial of service
12333| [95781] Microsoft PowerPoint 2016 Java Embedded Object privilege escalation
12334| [95125] Microsoft Word/SharePoint Enterprise Server 2016 Document privilege escalation
12335| [94451] Microsoft Office 2011 memory corruption
12336| [94447] Microsoft Office 2010 SP2 memory corruption
12337| [94446] Microsoft Office 2016 memory corruption
12338| [94444] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 OLE DLL Loader memory corruption
12339| [94443] Microsoft Office up to 2016 information disclosure
12340| [94442] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
12341| [93964] Microsoft Windows 7 Excel Starter 2010 XXE information disclosure
12342| [93543] Microsoft SQL Server 2016 FILESTREAM Path privilege escalation
12343| [93540] Microsoft Excel 2010 SP2/2011/2016 memory corruption
12344| [93416] Microsoft SQL Server 2014 SP2/2016/up to 2012 SP3 Server Agent atxcore.dll privilege escalation
12345| [93415] Microsoft SQL Server 2016 MDS API cross site scripting
12346| [93414] Microsoft SQL Server up to 2012 SP3 RDBMS Engine privilege escalation
12347| [93413] Microsoft SQL Server 2016/up to 2014 SP2 RDBMS Engine privilege escalation
12348| [93412] Microsoft SQL Server 2016 RDBMS Engine privilege escalation
12349| [93393] Microsoft Office up to 2016 memory corruption
12350| [93392] Microsoft Office up to 2016 memory corruption
12351| [93391] Microsoft Office up to 2016 memory corruption
12352| [93389] Microsoft Windows up to Server 2016 Media Foundation memory corruption
12353| [93388] Microsoft Windows up to Server 2016 Animation Manager Stylesheets memory corruption
12354| [92587] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 Transaction Manager privilege escalation
12355| [92584] Microsoft Office up to 2016 memory corruption
12356| [91571] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
12357| [91570] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
12358| [91556] Microsoft Exchange 2016 Meeting Invation cross site scripting
12359| [91555] Microsoft Exchange 2013/2016 Link spoofing
12360| [91550] Microsoft Office 2016 memory corruption
12361| [91547] Microsoft Office 2010 memory corruption
12362| [91543] Microsoft Office up to 2016 memory corruption
12363| [91541] Microsoft Office 2013/2016 APP-V ASLR privilege escalation
12364| [90711] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF privilege escalation
12365| [90710] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 Netlogon privilege escalation
12366| [90704] Microsoft Office 2013/2013 RT/2016 memory corruption
12367| [89043] Microsoft Office up to 2016 memory corruption
12368| [89041] Microsoft Office up to 2016 memory corruption
12369| [89040] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 memory corruption
12370| [89038] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Security Feature privilege escalation
12371| [89037] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
12372| [87961] Microsoft Windows up to Server 2012 R2 Search denial of service
12373| [87959] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
12374| [87958] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF memory corruption
12375| [87957] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
12376| [87956] Microsoft Exchange 2013/2016 Oracle Outside In Libraries information disclosure
12377| [87944] Microsoft Windows Server 2012/Server 2012 R2 Virtual PCI Memory information disclosure
12378| [87940] Microsoft Windows Server 2012/Server 2012 R2 DNS Server Use-After-Free memory corruption
12379| [87936] Microsoft Office up to 2016 memory corruption
12380| [87166] Microsoft Windows up to Server 2012 R2 DirectX Graphics Kernel Subsystem privilege escalation
12381| [87156] Microsoft Windows 8.1/10/RT 8.1/Server 2012 R2 Shell memory corruption
12382| [87149] Microsoft Office up to 2016 memory corruption
12383| [87148] Microsoft Office 2010 Graphics memory corruption
12384| [87146] Microsoft Office 2011/2013/2013 RT/2016 memory corruption
12385| [82229] Microsoft Excel 2010 SP2 Office Document memory corruption
12386| [82223] Microsoft Windows 8.1/10/Server 2012 R2 Hyper-V Memory information disclosure
12387| [82222] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Memory information disclosure
12388| [82221] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Hyper-V privilege escalation
12389| [81274] Microsoft Office up to 2016 memory corruption
12390| [81270] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library memory corruption
12391| [81269] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
12392| [81268] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
12393| [80886] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
12394| [80885] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP memory corruption
12395| [80878] Microsoft Windows Server 2012 R2 Active Directory Federation Service denial of service
12396| [80874] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP privilege escalation
12397| [80870] Microsoft Office up to 2016 memory corruption
12398| [80868] Microsoft Office up to 2016 memory corruption
12399| [80867] Microsoft Office up to 2016 memory corruption
12400| [80865] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 DLL Loader memory corruption
12401| [80860] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Reader memory corruption
12402| [80859] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
12403| [80231] Microsoft Excel up to 2016 Office Document memory corruption
12404| [80229] Microsoft Exchange Server 2013 CU 10/2013 CU 11/2013 SP1/2016 Outlook Web Access cross site scripting
12405| [80228] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
12406| [80227] Microsoft Exchange Server 2013 CU 10/2013 SP1/2016 Outlook Web Access cross site scripting
12407| [80226] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
12408| [80218] Microsoft Office up to 2016 ASLR privilege escalation
12409| [80217] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
12410| [80216] Microsoft Office up to 2016 Office Document memory corruption
12411| [80206] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
12412| [128763] Microsoft Exchange Server 2016 CU10/2016 CU11/2019 memory corruption
12413| [79508] Microsoft Windows up to Server 2012 R2 Library Loader memory corruption
12414| [79500] Microsoft Office 2010/2011/2016 memory corruption
12415| [79183] Microsoft Windows up to Server 2012 R2 IPsec denial of service
12416| [79173] Microsoft Windows up to Server 2012 R2 Graphics information disclosure
12417| [79117] Microsoft Outlook 2011/2016 on Mac HTML spoofing
12418| [78375] Microsoft SharePoint Server/SharePoint Foundation 2013 SP1 cross site scripting
12419| [77645] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
12420| [77644] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
12421| [77638] Microsoft Lync Server 2013 cross site scripting
12422| [77628] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
12423| [77612] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access Stack-Based information disclosure
12424| [77050] Microsoft Office up to 2016 memory corruption
12425| [77037] Microsoft Windows Server 2012/Server 2012 R2 System Center Operations Manager cross site scripting
12426| [76461] Microsoft Windows up to Server 2012 R2 Domain-Controller Communication Credentials information disclosure
12427| [76460] Microsoft Windows 7 SP1/8/Server 2012 RDP Server Service memory corruption
12428| [76448] Microsoft Windows 8.1/Server 2012 R2 Hyper-V memory corruption
12429| [75793] Microsoft Exchange Server 2013 CU8 cross site scripting
12430| [75792] Microsoft Exchange Server 2013 SP1 CU8 cross site request forgery
12431| [75791] Microsoft Office 2013 SP1 Office Document Uninitialized Memory memory corruption
12432| [75787] Microsoft Exchange Server 2013 SP1 CU8 Same Origin Policy privilege escalation
12433| [75786] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
12434| [66976] Microsoft Access 2010 VBA Datatype denial of service
12435| [74848] Microsoft SharePoint Foundation/SharePoint Server 2013 SP1 cross site scripting
12436| [74842] Microsoft Windows 8.1/Server 2012 R2 Hyper-V denial of service
12437| [74836] Microsoft Project Server 2010 SP2/2013 SP1 cross site scripting
12438| [74835] Microsoft Office 2011 on Mac Use-After-Free cross site scripting
12439| [74834] Microsoft Windows Server 2012 R2 Active Directory Federation Services 3.0 privilege escalation
12440| [74833] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 HTTP Request HTTP.sys privilege escalation
12441| [74393] Microsoft SharePoint Server 2013 Foundation cross site scripting
12442| [73967] Microsoft Office up to 2013 SP1 Office File memory corruption
12443| [73966] Microsoft Office up to 2013 SP1 RTF File memory corruption
12444| [73965] Microsoft Office up to 2013 SP1 Use-After-Free memory corruption
12445| [73961] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 Remote Desktop Protocol Object Management denial of service
12446| [69162] Microsoft System Center Virtual Machine Manager 2012 privilege escalation
12447| [69160] Microsoft Windows up to Server 2012 Process privilege escalation
12448| [69156] Microsoft Office 2010 Object memory corruption
12449| [68593] Microsoft Windows up to Server 2012 Network Location Awareness Service privilege escalation
12450| [68417] Microsoft Exchange 2013 Outlook Web Access Token spoofing
12451| [68191] Microsoft SharePoint 2010 cross site scripting
12452| [67828] Microsoft ASP.NET MVC 2/3/4/5/5.1 System.Web.Mvc.dll cross site scripting
12453| [67518] Microsoft Lync 2013 denial of service
12454| [67517] Microsoft Lync 2013 Script Reflected cross site scripting
12455| [67516] Microsoft Lync 2010/2013 denial of service
12456| [67362] Microsoft Windows up to Server 2012 R2 Remote Procedure Call privilege escalation
12457| [67360] Microsoft SharePoint 2013 App Permission Management cross site scripting
12458| [13549] Microsoft Windows 7/8/8.1/Server 2012 Remote Desktop Protocol weak encryption
12459| [13547] Microsoft Lync 2010/2013 Meeting cross site scripting
12460| [13228] Microsoft Office 2013 Document privilege escalation
12461| [68577] Microsoft ASP.NET 2014.3.1209 Telerik UI RadAsyncUpload directory traversal
12462| [12267] Microsoft Forefront Security for Exchange Server 2010 Mail memory corruption
12463| [12263] Microsoft Windows up to Server 2012 Direct2D 2D Geometric Figure memory corruption
12464| [12238] Microsoft Windows 8/RT/Server 2012 IPv6 denial of service
12465| [12185] Microsoft .NET Framework 2/4 HMAC weak authentication
12466| [12183] Microsoft .NET Framework 2/4 DTD denial of service
12467| [11673] Microsoft Windows Live Movie Maker 2011 WAV File denial of service
12468| [11468] Microsoft Exchange 2010/2013 cross site scripting
12469| [11466] Microsoft Office 2013 File Response information disclosure
12470| [11457] Microsoft SharePoint Server/Office Web Apps 2010 SP1/2010 SP2/2013 W3WP Service Account privilege escalation
12471| [11150] Microsoft Windows 8/Server 2012 Hyper-V Data Structure Value Crash privilege escalation
12472| [11004] Microsoft Windows Server 2012 R2 RDP Restricted Admin Mode weak authentication
12473| [10250] Microsoft SharePoint Server up to 2013 W3WP Process denial of service
12474| [10249] Microsoft SharePoint 2010/2003/2007/2.0/3.0 Workflow memory corruption
12475| [10248] Microsoft SharePoint Server up to 2013 cross site scripting
12476| [9943] Microsoft Windows Server 2012 NAT Driver ICMP Packet denial of service
12477| [8739] Microsoft Windows Essentials up to 2012 Windows Writer Eingabe information disclosure
12478| [8725] Microsoft Lync 2010/2013 Use-After-Free memory corruption
12479| [8722] Microsoft Windows 8/RT/Server 2012 HTTP.sys denial of service
12480| [8206] Microsoft SharePoint Server 2010 SP1 HTML Sanitization Component cross site scripting
12481| [8203] Microsoft Windows up to 2012 AD LDAP Query denial of service
12482| [8200] Microsoft SharePoint Server 2013 ACL information disclosure
12483| [7971] Microsoft Office for Mac 2011 up to 14.3.1 on Mac HTML5 Mail Message Parser File information disclosure
12484| [7969] Microsoft OneNote 2010 SP1 ONE File information disclosure
12485| [7968] Microsoft SharePoint Server 2010 SP1 Input Validator Eingabe Crash denial of service
12486| [7967] Microsoft SharePoint Server 2010 SP1 User Account Eingabe Crash information disclosure
12487| [7966] Microsoft SharePoint Server 2010 SP1 Eingabe Crash cross site scripting
12488| [7965] Microsoft SharePoint Server 2010 SP1 User Account Callback URL privilege escalation
12489| [7964] Microsoft Visio 2010 Tree Object Type File memory corruption
12490| [7343] Microsoft Lync 2012 HTTP Format String
12491| [7258] Microsoft Windows up to 8/Server 2012 SSL/TLS race condition
12492| [7230] Microsoft Excel 2010 SP1 on 32-bit XLS File Formatting Information Crash denial of service
12493| [6831] Microsoft Office Picture Manager 2010 File memory corruption
12494| [62720] EMC NetWorker Module for Microsoft Applications up to 2.2.0 memory corruption
12495| [6624] Microsoft SQL Server up to 2012 Report Manager cross site scripting
12496| [62238] Microsoft Visual Studio Team Foundation Server 2010 cross site scripting
12497| [5946] Microsoft Visio/Visio Viewer up to 2010 SP1 File memory corruption
12498| [5644] Microsoft SharePoint 2010 scriptesx.ashx cross site scripting
12499| [5641] Microsoft SharePoint 2010 cross site scripting
12500| [60943] Microsoft Dynamics AX 2012 Enterprise Portal cross site scripting
12501| [12311] Microsoft Lync 2010 Search race condition
12502| [60570] Microsoft Forefront Unified Access Gateway 2010 information disclosure
12503| [60569] Microsoft Forefront Unified Access Gateway 2010 spoofing
12504| [60208] Microsoft Visio Viewer 2010 memory corruption
12505| [60207] Microsoft Visio Viewer 2010 memory corruption
12506| [60206] Microsoft Visio Viewer 2010 memory corruption
12507| [4640] Microsoft SharePoint 2010 inplview.aspx cross site scripting
12508| [4636] Microsoft SharePoint 2010 wizardlist.aspx cross site scripting
12509| [4635] Microsoft SharePoint 2010 themeweb.aspx cross site scripting
12510| [59008] Microsoft Forefront Unified Access Gateway 2010 Crash denial of service
12511| [58995] Microsoft Forefront Unified Access Gateway 2010 memory corruption
12512| [58994] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
12513| [58993] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
12514| [4424] Microsoft Host Integration Server up to 2010 denial of service
12515| [4420] Microsoft Forefront Unified Access Gateway 2010 memory corruption
12516| [58487] Microsoft SharePoint Foundation 2010 cross site scripting
12517| [58486] Microsoft SharePoint Foundation 2010 Reflected cross site scripting
12518| [58485] Microsoft SharePoint Foundation 2010 EditForm.aspx cross site scripting
12519| [4414] Microsoft SharePoint 2010 cross site scripting
12520| [4413] Microsoft SharePoint 2010/2007/3.0 XML/XLS unknown vulnerability
12521| [91971] Microsoft Skype 2.2.x/5.2.x/5.3.x denial of service
12522| [57693] Microsoft Forefront Threat Management Gateway 2010 NSPLookupServiceNext memory corruption
12523| [56028] Microsoft Data Access Components 2.8 memory corruption
12524| [55777] Microsoft Windows Movie Maker 2.6 memory corruption
12525| [55424] Microsoft Forefront Unified Access Gateway 2010 Signurl.asp cross site scripting
12526| [55415] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
12527| [55414] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
12528| [55413] Microsoft Forefront Unified Access Gateway 2010 spoofing
12529| [54341] Microsoft Windows Movie Maker 2.1 memory corruption
12530| [54549] Microsoft PowerPoint 2010 pptimpconv.dll memory corruption
12531| [4009] Microsoft NET Framework 2.x/3.x denial of service
12532| [45681] Microsoft Internet Explorer 8 Beta 2 privilege escalation
12533| [45449] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
12534| [45448] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
12535| [45446] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
12536| [2927] Microsoft Data Access Components 2.x ADODB.Connection ActiveX Control memory corruption
12537| [32692] Microsoft XML Core Services up to 2.6 memory corruption
12538| [32691] Microsoft XML Core Services up to 2.6 memory corruption
12539|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-3661] The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
| [CVE-2013-3660] The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
| [CVE-2013-3174] DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
| [CVE-2013-3173] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
| [CVE-2013-3172] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system hang) via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
| [CVE-2013-3171] The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."
| [CVE-2013-3167] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Information Disclosure Vulnerability."
| [CVE-2013-3154] The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."
| [CVE-2013-3138] Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
| [CVE-2013-3136] The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
| [CVE-2013-3134] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array Allocation Vulnerability."
| [CVE-2013-3133] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability."
| [CVE-2013-3132] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability."
| [CVE-2013-3131] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability."
| [CVE-2013-1345] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
| [CVE-2013-1340] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
| [CVE-2013-1339] The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."
| [CVE-2013-1336] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."
| [CVE-2013-1335] Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."
| [CVE-2013-1334] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
| [CVE-2013-1332] dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
| [CVE-2013-1331] Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
| [CVE-2013-1329] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."
| [CVE-2013-1328] Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."
| [CVE-2013-1327] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."
12566| [CVE-2013-1323] Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."
12567| [CVE-2013-1322] Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."
12568| [CVE-2013-1321] Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability."
12569| [CVE-2013-1320] Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."
12570| [CVE-2013-1319] Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."
12571| [CVE-2013-1318] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."
12572| [CVE-2013-1317] Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."
12573| [CVE-2013-1316] Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."
12574| [CVE-2013-1302] Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."
12575| [CVE-2013-1301] Microsoft Visio 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
12576| [CVE-2013-1300] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
12577| [CVE-2013-1295] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."
12578| [CVE-2013-1294] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
12579| [CVE-2013-1293] The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application that leverages improper handling of objects in memory, aka "NTFS NULL Pointer Dereference Vulnerability."
12580| [CVE-2013-1292] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
12581| [CVE-2013-1291] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
12582| [CVE-2013-1287] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
12583| [CVE-2013-1286] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
12584| [CVE-2013-1285] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
12585| [CVE-2013-1283] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
12586| [CVE-2013-1281] The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability."
12587| [CVE-2013-1280] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
12588| [CVE-2013-1279] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
12589| [CVE-2013-1278] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
12590| [CVE-2013-1277] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12591| [CVE-2013-1276] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12592| [CVE-2013-1275] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12593| [CVE-2013-1274] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12594| [CVE-2013-1273] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12595| [CVE-2013-1272] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12596| [CVE-2013-1271] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12597| [CVE-2013-1270] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12598| [CVE-2013-1269] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12599| [CVE-2013-1268] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12600| [CVE-2013-1267] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12601| [CVE-2013-1266] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12602| [CVE-2013-1265] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12603| [CVE-2013-1264] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12604| [CVE-2013-1263] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12605| [CVE-2013-1262] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12606| [CVE-2013-1261] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12607| [CVE-2013-1260] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12608| [CVE-2013-1259] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12609| [CVE-2013-1258] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12610| [CVE-2013-1257] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12611| [CVE-2013-1256] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12612| [CVE-2013-1255] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12613| [CVE-2013-1254] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12614| [CVE-2013-1253] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12615| [CVE-2013-1252] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12616| [CVE-2013-1251] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12617| [CVE-2013-1250] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12618| [CVE-2013-1249] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12619| [CVE-2013-1248] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
12620| [CVE-2013-0095] Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability."
12621| [CVE-2013-0077] Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
12622| [CVE-2013-0076] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."
12623| [CVE-2013-0075] The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
12624| [CVE-2013-0073] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."
12625| [CVE-2013-0013] The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
12626| [CVE-2013-0011] The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability."
12627| [CVE-2013-0010] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.
12628| [CVE-2013-0009] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
12629| [CVE-2013-0008] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
12630| [CVE-2013-0004] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
12631| [CVE-2013-0003] Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."
12632| [CVE-2013-0002] Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
12633| [CVE-2013-0001] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
12634| [CVE-2012-5672] Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.
12635| [CVE-2012-4791] Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
12636| [CVE-2012-4786] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
12637| [CVE-2012-4776] The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."
12638| [CVE-2012-4774] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."
12639| [CVE-2012-2897] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
12640| [CVE-2012-2556] The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
12641| [CVE-2012-2553] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
12642| [CVE-2012-2552] Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."
12643| [CVE-2012-2551] The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability."
12644| [CVE-2012-2543] Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1
12645| [CVE-2012-2539] Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
12646| [CVE-2012-2536] Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
12647| [CVE-2012-2530] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
12648| [CVE-2012-2529] Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability."
12649| [CVE-2012-2528] Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
12650| [CVE-2012-2527] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
12651| [CVE-2012-2524] Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability."
12652| [CVE-2012-2520] Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
12653| [CVE-2012-2519] Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
12654| [CVE-2012-1896] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."
12655| [CVE-2012-1895] The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
12656| [CVE-2012-1893] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."
12657| [CVE-2012-1890] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."
12658| [CVE-2012-1887] Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."
12659| [CVE-2012-1886] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
12660| [CVE-2012-1885] Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
12661| [CVE-2012-1870] The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."
12662| [CVE-2012-1867] Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
12663| [CVE-2012-1866] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability."
12664| [CVE-2012-1865] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.
12665| [CVE-2012-1864] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.
12666| [CVE-2012-1863] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
12667| [CVE-2012-1862] Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
12668| [CVE-2012-1860] Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
12669| [CVE-2012-1858] The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
12670| [CVE-2012-1856] The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
12671| [CVE-2012-1855] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."
12672| [CVE-2012-1854] Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
12673| [CVE-2012-1851] Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."
12674| [CVE-2012-1850] The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."
12675| [CVE-2012-1848] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
12676| [CVE-2012-1847] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
12677| [CVE-2012-1537] Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
12678| [CVE-2012-1528] Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
12679| [CVE-2012-1527] Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
12680| [CVE-2012-1459] The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
12681| [CVE-2012-1457] The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
12682| [CVE-2012-1453] The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
12683| [CVE-2012-1443] The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
12684| [CVE-2012-1420] The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
12685| [CVE-2012-1194] The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
12686| [CVE-2012-0185] Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
12687| [CVE-2012-0184] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
12688| [CVE-2012-0183] Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
12689| [CVE-2012-0182] Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
12690| [CVE-2012-0181] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
12691| [CVE-2012-0180] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
12692| [CVE-2012-0179] Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."
12693| [CVE-2012-0178] Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability."
12694| [CVE-2012-0177] Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
12695| [CVE-2012-0175] The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."
12696| [CVE-2012-0174] Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
12697| [CVE-2012-0173] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
12698| [CVE-2012-0167] Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."
12699| [CVE-2012-0165] GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
12700| [CVE-2012-0163] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
12701| [CVE-2012-0161] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
12702| [CVE-2012-0160] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
12703| [CVE-2012-0159] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
12704| [CVE-2012-0158] The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
12705| [CVE-2012-0157] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
12706| [CVE-2012-0156] DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
12707| [CVE-2012-0154] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
12708| [CVE-2012-0152] The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."
12709| [CVE-2012-0151] The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
12710| [CVE-2012-0150] Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
12711| [CVE-2012-0149] afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
12712| [CVE-2012-0148] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
12713| [CVE-2012-0143] Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability."
12714| [CVE-2012-0142] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
12715| [CVE-2012-0141] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
12716| [CVE-2012-0015] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."
12717| [CVE-2012-0014] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
12718| [CVE-2012-0013] Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
12719| [CVE-2012-0009] Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."
12720| [CVE-2012-0008] Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."
12721| [CVE-2012-0006] The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."
| [CVE-2012-0005] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
| [CVE-2012-0004] Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
| [CVE-2012-0003] Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
| [CVE-2012-0002] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
| [CVE-2012-0001] The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."
| [CVE-2011-5046] The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
| [CVE-2011-4434] Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
| [CVE-2011-3417] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
| [CVE-2011-3416] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
| [CVE-2011-3415] Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
| [CVE-2011-3414] The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
| [CVE-2011-3413] Microsoft PowerPoint 2007 SP2
| [CVE-2011-3412] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
| [CVE-2011-3411] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
| [CVE-2011-3410] Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability."
| [CVE-2011-3408] Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability."
| [CVE-2011-3406] Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."
| [CVE-2011-3403] Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
| [CVE-2011-3402] Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
| [CVE-2011-3400] Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
| [CVE-2011-3397] The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
| [CVE-2011-3396] Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."
| [CVE-2011-2019] Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
| [CVE-2011-2018] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2011-2016] Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."
| [CVE-2011-2014] The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
| [CVE-2011-2013] Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."
| [CVE-2011-2011] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-2008] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
| [CVE-2011-2007] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."
| [CVE-2011-2005] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2011-2004] Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.
| [CVE-2011-2003] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability."
| [CVE-2011-2002] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."
| [CVE-2011-1991] Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability."
| [CVE-2011-1990] Microsoft Excel 2007 SP2
| [CVE-2011-1989] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1988] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1987] Array index error in Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1986] Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
| [CVE-2011-1985] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1984] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
| [CVE-2011-1983] Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."
| [CVE-2011-1982] Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."
| [CVE-2011-1980] Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
| [CVE-2011-1979] Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
| [CVE-2011-1978] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."
| [CVE-2011-1976] Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
| [CVE-2011-1975] Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
| [CVE-2011-1974] NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
| [CVE-2011-1972] Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
| [CVE-2011-1971] The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."
| [CVE-2011-1970] The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability."
| [CVE-2011-1968] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka "Remote Desktop Protocol Vulnerability."
| [CVE-2011-1967] Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."
| [CVE-2011-1966] The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."
| [CVE-2011-1965] Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
| [CVE-2011-1894] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
| [CVE-2011-1893] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
| [CVE-2011-1892] Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
| [CVE-2011-1888] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1887] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1885] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1884] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1883] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1882] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1881] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1880] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1879] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1878] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1877] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1876] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1875] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1874] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1873] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
| [CVE-2011-1872] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
| [CVE-2011-1871] Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of Service Vulnerability."
| [CVE-2011-1870] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability."
| [CVE-2011-1869] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."
| [CVE-2011-1868] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
| [CVE-2011-1508] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."
| [CVE-2011-1284] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutput Vulnerability."
| [CVE-2011-1283] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and write operations, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability."
| [CVE-2011-1282] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability."
| [CVE-2011-1281] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a process, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability."
| [CVE-2011-1280] The XML Editor in Microsoft InfoPath 2007 SP2 and 2010
| [CVE-2011-1279] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds WriteAV Vulnerability."
| [CVE-2011-1278] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel WriteAV Vulnerability."
| [CVE-2011-1277] Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
| [CVE-2011-1276] Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-1275] Microsoft Excel 2002 SP3
| [CVE-2011-1274] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-1273] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-1272] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-1270] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."
| [CVE-2011-1269] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-1268] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."
| [CVE-2011-1267] The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability."
| [CVE-2011-1264] Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."
| [CVE-2011-1263] Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability."
| [CVE-2011-1253] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."
| [CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
| [CVE-2011-1249] The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
12825| [CVE-2011-1248] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."
12826| [CVE-2011-1247] Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."
12827| [CVE-2011-1242] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
12828| [CVE-2011-1241] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
12829| [CVE-2011-1240] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
12830| [CVE-2011-1239] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
12831| [CVE-2011-1238] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
12832| [CVE-2011-1237] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
12833| [CVE-2011-1236] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
12834| [CVE-2011-1235] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
12835| [CVE-2011-1234] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
12836| [CVE-2011-1233] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
12837| [CVE-2011-1232] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
12838| [CVE-2011-1231] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
12839| [CVE-2011-1230] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
12840| [CVE-2011-1229] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
12841| [CVE-2011-1228] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
12842| [CVE-2011-1227] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
12843| [CVE-2011-1226] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
12844| [CVE-2011-1225] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
12845| [CVE-2011-0980] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
12846| [CVE-2011-0979] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
12847| [CVE-2011-0978] Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
12848| [CVE-2011-0977] Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
12849| [CVE-2011-0976] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
12850| [CVE-2011-0677] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
12851| [CVE-2011-0676] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
12852| [CVE-2011-0675] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
12853| [CVE-2011-0674] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
12854| [CVE-2011-0672] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
12855| [CVE-2011-0671] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
12856| [CVE-2011-0670] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
12857| [CVE-2011-0667] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
12858| [CVE-2011-0666] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
12859| [CVE-2011-0665] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
12860| [CVE-2011-0664] Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."
12861| [CVE-2011-0662] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
12862| [CVE-2011-0661] The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."
12863| [CVE-2011-0660] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."
12864| [CVE-2011-0658] Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka "OLE Automation Underflow Vulnerability."
12865| [CVE-2011-0657] DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
12866| [CVE-2011-0656] Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010
12867| [CVE-2011-0655] Microsoft PowerPoint 2007 SP2 and 2010
12868| [CVE-2011-0654] Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
12869| [CVE-2011-0107] Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."
12870| [CVE-2011-0105] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
12871| [CVE-2011-0104] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability."
12872| [CVE-2011-0103] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability."
12873| [CVE-2011-0101] Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, doubly-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability."
12874| [CVE-2011-0098] Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
12875| [CVE-2011-0097] Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
12876| [CVE-2011-0096] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
12877| [CVE-2011-0093] ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
12878| [CVE-2011-0092] The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
12879| [CVE-2011-0091] Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
12880| [CVE-2011-0090] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
12881| [CVE-2011-0089] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability."
12882| [CVE-2011-0088] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability."
12883| [CVE-2011-0087] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability."
12884| [CVE-2011-0086] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."
12885| [CVE-2011-0043] Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."
12886| [CVE-2011-0042] SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."
12887| [CVE-2011-0041] Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."
12888| [CVE-2011-0040] The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."
12889| [CVE-2011-0039] The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
12890| [CVE-2011-0034] Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
12891| [CVE-2011-0033] The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."
12892| [CVE-2011-0032] Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."
12893| [CVE-2011-0031] The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."
12894| [CVE-2011-0030] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.
12895| [CVE-2011-0028] WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."
12896| [CVE-2010-5082] Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
12897| [CVE-2010-4701] Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.
12898| [CVE-2010-4669] The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package.
12899| [CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
12900| [CVE-2010-4398] Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
12901| [CVE-2010-4182] Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown
12902| [CVE-2010-3974] fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."
12903| [CVE-2010-3970] Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
12904| [CVE-2010-3966] Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."
12905| [CVE-2010-3965] Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."
12906| [CVE-2010-3964] Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
12907| [CVE-2010-3963] Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."
12908| [CVE-2010-3961] The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."
12909| [CVE-2010-3960] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."
12910| [CVE-2010-3959] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."
12911| [CVE-2010-3958] The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
12912| [CVE-2010-3957] Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."
12913| [CVE-2010-3956] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."
12914| [CVE-2010-3955] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."
12915| [CVE-2010-3954] Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."
12916| [CVE-2010-3946] Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."
12917| [CVE-2010-3945] Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."
12918| [CVE-2010-3944] win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
12919| [CVE-2010-3943] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."
12920| [CVE-2010-3942] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."
12921| [CVE-2010-3941] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability."
12922| [CVE-2010-3940] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."
12923| [CVE-2010-3939] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."
12924| [CVE-2010-3937] Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
12925| [CVE-2010-3338] The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.
12926| [CVE-2010-3337] Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.
12927| [CVE-2010-3336] Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."
12928| [CVE-2010-3335] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability."
12929| [CVE-2010-3334] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."
12930| [CVE-2010-3333] Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
12931| [CVE-2010-3332] Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
12932| [CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
12933| [CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
12934| [CVE-2010-3242] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."
12935| [CVE-2010-3241] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."
12936| [CVE-2010-3240] Microsoft Excel 2002 SP3 and 2007 SP2
12937| [CVE-2010-3239] Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."
12938| [CVE-2010-3238] Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
12939| [CVE-2010-3237] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."
12940| [CVE-2010-3236] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."
12941| [CVE-2010-3235] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."
12942| [CVE-2010-3234] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."
12943| [CVE-2010-3233] Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."
12944| [CVE-2010-3232] Microsoft Excel 2003 SP3 and 2007 SP2
12945| [CVE-2010-3231] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
12946| [CVE-2010-3230] Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
12947| [CVE-2010-3229] The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."
12948| [CVE-2010-3227] Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."
12949| [CVE-2010-3223] The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."
12950| [CVE-2010-3222] Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability."
12951| [CVE-2010-3221] Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."
12952| [CVE-2010-3220] Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."
12953| [CVE-2010-3219] Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."
12954| [CVE-2010-3218] Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."
12955| [CVE-2010-3217] Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."
12956| [CVE-2010-3216] Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."
12957| [CVE-2010-3215] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."
12958| [CVE-2010-3214] Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010
12959| [CVE-2010-3213] Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
12960| [CVE-2010-3200] MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc.
12961| [CVE-2010-3190] Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1
12962| [CVE-2010-3148] Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
12963| [CVE-2010-3147] Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
12964| [CVE-2010-3146] Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."
12965| [CVE-2010-3144] Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."
12966| [CVE-2010-3142] Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
12967| [CVE-2010-2750] Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."
12968| [CVE-2010-2748] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."
12969| [CVE-2010-2747] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability."
12970| [CVE-2010-2746] Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."
12971| [CVE-2010-2744] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
12972| [CVE-2010-2742] The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability."
12973| [CVE-2010-2741] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability."
12974| [CVE-2010-2740] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability."
12975| [CVE-2010-2739] Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.
12976| [CVE-2010-2738] The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
12977| [CVE-2010-2729] The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."
12978| [CVE-2010-2728] Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."
12979| [CVE-2010-2573] Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."
12980| [CVE-2010-2572] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
12981| [CVE-2010-2571] Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."
12982| [CVE-2010-2570] Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability."
12983| [CVE-2010-2569] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."
12984| [CVE-2010-2568] Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
12985| [CVE-2010-2567] The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."
12986| [CVE-2010-2566] The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
12987| [CVE-2010-2563] The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."
12988| [CVE-2010-2562] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."
| [CVE-2010-2555] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."
| [CVE-2010-2554] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
| [CVE-2010-2552] Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."
| [CVE-2010-2551] The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability."
| [CVE-2010-2550] The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
| [CVE-2010-2549] Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."
| [CVE-2010-2265] Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
| [CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
| [CVE-2010-2084] Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
| [CVE-2010-1903] Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."
| [CVE-2010-1902] Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1901] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1900] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1898] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
| [CVE-2010-1897] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
| [CVE-2010-1896] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability."
| [CVE-2010-1895] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability."
| [CVE-2010-1894] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
| [CVE-2010-1893] Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability."
| [CVE-2010-1892] The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability."
| [CVE-2010-1891] The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."
| [CVE-2010-1890] The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."
| [CVE-2010-1889] Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."
| [CVE-2010-1887] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."
| [CVE-2010-1886] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."
| [CVE-2010-1885] The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
| [CVE-2010-1883] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."
| [CVE-2010-1882] Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability."
| [CVE-2010-1881] The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."
| [CVE-2010-1880] Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
| [CVE-2010-1735] The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
| [CVE-2010-1734] The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
| [CVE-2010-1690] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
| [CVE-2010-1689] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
| [CVE-2010-1263] Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
| [CVE-2010-1257] Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2
| [CVE-2010-1255] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."
| [CVE-2010-1253] Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2
| [CVE-2010-1252] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."
| [CVE-2010-1251] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."
| [CVE-2010-1250] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability."
| [CVE-2010-1249] Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.
| [CVE-2010-1248] Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
| [CVE-2010-1247] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.
| [CVE-2010-1246] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."
| [CVE-2010-1245] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.
| [CVE-2010-1225] The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
| [CVE-2010-1175] Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."
| [CVE-2010-0917] Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
| [CVE-2010-0824] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.
| [CVE-2010-0823] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
| [CVE-2010-0822] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."
| [CVE-2010-0821] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
| [CVE-2010-0820] Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2
| [CVE-2010-0819] Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
| [CVE-2010-0818] The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability."
| [CVE-2010-0817] Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
| [CVE-2010-0815] VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."
| [CVE-2010-0814] The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
| [CVE-2010-0812] Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."
| [CVE-2010-0811] Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
| [CVE-2010-0810] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2010-0719] An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.
| [CVE-2010-0487] The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
| [CVE-2010-0486] The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
| [CVE-2010-0485] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
| [CVE-2010-0484] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."
| [CVE-2010-0483] vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
| [CVE-2010-0482] The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability."
| [CVE-2010-0481] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."
| [CVE-2010-0480] Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
| [CVE-2010-0479] Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability."
| [CVE-2010-0478] Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."
| [CVE-2010-0477] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
| [CVE-2010-0476] The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."
| [CVE-2010-0278] A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
| [CVE-2010-0270] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."
| [CVE-2010-0269] The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."
| [CVE-2010-0268] Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."
| [CVE-2010-0266] Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
| [CVE-2010-0265] Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
| [CVE-2010-0264] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
| [CVE-2010-0263] Microsoft Office Excel 2007 SP1 and SP2
| [CVE-2010-0262] Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
| [CVE-2010-0261] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."
| [CVE-2010-0260] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2
| [CVE-2010-0258] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2010-0257] Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
| [CVE-2010-0256] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
| [CVE-2010-0254] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
| [CVE-2010-0252] The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
| [CVE-2010-0250] Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."
| [CVE-2010-0249] Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4
| [CVE-2010-0243] Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."
| [CVE-2010-0242] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability."
| [CVE-2010-0241] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability."
| [CVE-2010-0240] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability."
| [CVE-2010-0239] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
| [CVE-2010-0238] Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."
| [CVE-2010-0237] The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."
| [CVE-2010-0236] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
| [CVE-2010-0235] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."
| [CVE-2010-0234] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."
| [CVE-2010-0233] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."
| [CVE-2010-0232] The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2010-0231] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
| [CVE-2010-0035] The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability."
13096| [CVE-2010-0034] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability."
13097| [CVE-2010-0033] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
13098| [CVE-2010-0032] Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
13099| [CVE-2010-0031] Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."
13100| [CVE-2010-0030] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."
13101| [CVE-2010-0029] Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
13102| [CVE-2010-0028] Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
13103| [CVE-2010-0027] The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
13104| [CVE-2010-0026] The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability."
13105| [CVE-2010-0025] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
13106| [CVE-2010-0024] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
13107| [CVE-2010-0023] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability."
13108| [CVE-2010-0022] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
13109| [CVE-2010-0021] Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."
13110| [CVE-2010-0020] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."
13111| [CVE-2010-0018] Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4
13112| [CVE-2010-0017] Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."
13113| [CVE-2010-0016] The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
13114| [CVE-2009-4313] ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
13115| [CVE-2009-4312] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
13116| [CVE-2009-4311] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.
13117| [CVE-2009-4310] Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
13118| [CVE-2009-4309] Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
13119| [CVE-2009-4210] The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
13120| [CVE-2009-3830] The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
13121| [CVE-2009-3678] Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
13122| [CVE-2009-3677] The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."
13123| [CVE-2009-3676] The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
13124| [CVE-2009-3675] LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."
13125| [CVE-2009-3450] Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.
13126| [CVE-2009-3135] Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
13127| [CVE-2009-3134] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
13128| [CVE-2009-3133] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."
13129| [CVE-2009-3132] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
13130| [CVE-2009-3131] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
13131| [CVE-2009-3130] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."
13132| [CVE-2009-3129] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
13133| [CVE-2009-3128] Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
13134| [CVE-2009-3127] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."
13135| [CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
13136| [CVE-2009-3103] Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
13137| [CVE-2009-3020] win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
13138| [CVE-2009-2653] ** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.'
13139| [CVE-2009-2532] Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability."
13140| [CVE-2009-2526] Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."
13141| [CVE-2009-2524] Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (reboot) via a malformed packet, aka "Local Security Authority Subsystem Service Integer Overflow Vulnerability."
13142| [CVE-2009-2523] The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
13143| [CVE-2009-2519] The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."
13144| [CVE-2009-2517] The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
13145| [CVE-2009-2516] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."
13146| [CVE-2009-2515] Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."
13147| [CVE-2009-2514] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."
13148| [CVE-2009-2513] The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
13149| [CVE-2009-2511] Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
13150| [CVE-2009-2510] The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
13151| [CVE-2009-2509] Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability."
13152| [CVE-2009-2508] The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."
13153| [CVE-2009-2507] A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability."
13154| [CVE-2009-2506] Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3
13155| [CVE-2009-2505] The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."
13156| [CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
13157| [CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
13158| [CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
13159| [CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
13160| [CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
13161| [CVE-2009-2498] Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."
13162| [CVE-2009-2497] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
13163| [CVE-2009-2496] Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability."
13164| [CVE-2009-2495] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
13165| [CVE-2009-2494] The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."
13166| [CVE-2009-2493] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1
13167| [CVE-2009-1930] The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
13168| [CVE-2009-1929] Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2
13169| [CVE-2009-1928] Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2
13170| [CVE-2009-1926] Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."
13171| [CVE-2009-1925] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."
13172| [CVE-2009-1924] Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
13173| [CVE-2009-1923] Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."
13174| [CVE-2009-1922] The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."
13175| [CVE-2009-1546] Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
13176| [CVE-2009-1545] Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."
13177| [CVE-2009-1544] Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
13178| [CVE-2009-1542] The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
13179| [CVE-2009-1539] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
13180| [CVE-2009-1538] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
13181| [CVE-2009-1537] Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
13182| [CVE-2009-1536] ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
13183| [CVE-2009-1534] Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."
13184| [CVE-2009-1533] Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
13185| [CVE-2009-1491] McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.
13186| [CVE-2009-1216] Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA)
13187| [CVE-2009-1141] Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."
13188| [CVE-2009-1139] Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
13189| [CVE-2009-1138] The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
13190| [CVE-2009-1137] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227.
13191| [CVE-2009-1136] The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
13192| [CVE-2009-1135] Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."
13193| [CVE-2009-1134] Excel in 2007 Microsoft Office System SP1 and SP2
13194| [CVE-2009-1133] Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
13195| [CVE-2009-1132] Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability."
13196| [CVE-2009-1131] Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability."
13197| [CVE-2009-1130] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability."
13198| [CVE-2009-1129] Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128.
13199| [CVE-2009-1128] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129.
13200| [CVE-2009-1127] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
13201| [CVE-2009-1126] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."
13202| [CVE-2009-1125] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
13203| [CVE-2009-1124] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."
13204| [CVE-2009-1123] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
13205| [CVE-2009-1122] The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
13206| [CVE-2009-1043] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
13207| [CVE-2009-1011] Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
13208| [CVE-2009-0901] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1
13209| [CVE-2009-0568] The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
13210| [CVE-2009-0566] Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability."
13211| [CVE-2009-0565] Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2
13212| [CVE-2009-0563] Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
13213| [CVE-2009-0562] The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability."
13214| [CVE-2009-0561] Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
13215| [CVE-2009-0560] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
13216| [CVE-2009-0559] Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
13217| [CVE-2009-0558] Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
13218| [CVE-2009-0557] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
13219| [CVE-2009-0556] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
13220| [CVE-2009-0554] Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
13221| [CVE-2009-0553] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
13222| [CVE-2009-0552] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
13223| [CVE-2009-0551] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
13224| [CVE-2009-0550] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008
13225| [CVE-2009-0549] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
13226| [CVE-2009-0320] Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
13227| [CVE-2009-0239] Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
13228| [CVE-2009-0238] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
13229| [CVE-2009-0235] Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability."
13230| [CVE-2009-0234] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."
13231| [CVE-2009-0233] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."
13232| [CVE-2009-0232] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."
13233| [CVE-2009-0231] The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
13234| [CVE-2009-0230] The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
13235| [CVE-2009-0229] The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
13236| [CVE-2009-0228] Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
13237| [CVE-2009-0227] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.
13238| [CVE-2009-0226] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137.
13239| [CVE-2009-0225] Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability."
13240| [CVE-2009-0224] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
13241| [CVE-2009-0223] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
13242| [CVE-2009-0222] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
13243| [CVE-2009-0221] Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability."
13244| [CVE-2009-0220] Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an integer that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."
13245| [CVE-2009-0202] Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow.
13246| [CVE-2009-0102] Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
13247| [CVE-2009-0100] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
13248| [CVE-2009-0099] The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
13249| [CVE-2009-0098] Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."
13250| [CVE-2009-0097] Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."
13251| [CVE-2009-0096] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
13252| [CVE-2009-0095] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
13253| [CVE-2009-0094] The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
13254| [CVE-2009-0093] Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
13255| [CVE-2009-0091] Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
13256| [CVE-2009-0090] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
13257| [CVE-2009-0089] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
| [CVE-2009-0088] The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
| [CVE-2009-0087] Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2
| [CVE-2009-0086] Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
| [CVE-2009-0085] The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
| [CVE-2009-0083] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."
| [CVE-2009-0082] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."
| [CVE-2009-0081] The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."
| [CVE-2009-0079] The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."
| [CVE-2009-0078] The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."
| [CVE-2008-7217] Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories.
| [CVE-2008-6819] win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.
| [CVE-2008-6219] nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.
| [CVE-2008-6063] Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.
| [CVE-2008-5912] An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
| [CVE-2008-5823] An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property.
| [CVE-2008-5416] Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier
| [CVE-2008-5232] Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown
| [CVE-2008-5112] The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
| [CVE-2008-5100] The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
| [CVE-2008-5044] Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.
| [CVE-2008-4844] Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
| [CVE-2008-4841] The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
| [CVE-2008-4837] Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4835] SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
| [CVE-2008-4834] Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
| [CVE-2008-4493] Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
| [CVE-2008-4295] Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
| [CVE-2008-4269] The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."
| [CVE-2008-4268] The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."
| [CVE-2008-4266] Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3
| [CVE-2008-4265] Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."
| [CVE-2008-4264] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4261] Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
| [CVE-2008-4256] The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
| [CVE-2008-4255] Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
| [CVE-2008-4253] The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
| [CVE-2008-4250] The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
| [CVE-2008-4114] srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
| [CVE-2008-4110] Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
| [CVE-2008-4038] Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
| [CVE-2008-4037] Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
| [CVE-2008-4036] Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."
| [CVE-2008-4032] Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."
| [CVE-2008-4031] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4030] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4028] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4027] Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4026] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4025] Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4024] Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability."
| [CVE-2008-4023] Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
| [CVE-2008-4019] Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
| [CVE-2008-3956] orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.
| [CVE-2008-3704] Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
| [CVE-2008-3648] nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
| [CVE-2008-3636] Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
| [CVE-2008-3479] Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
| [CVE-2008-3477] Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
| [CVE-2008-3471] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
| [CVE-2008-3466] Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
| [CVE-2008-3465] Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."
| [CVE-2008-3464] afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
| [CVE-2008-3460] WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
| [CVE-2008-3068] Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
| [CVE-2008-3021] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
| [CVE-2008-3020] Microsoft Office 2000 SP3 and XP SP3
| [CVE-2008-3019] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
| [CVE-2008-3018] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
| [CVE-2008-3015] Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
| [CVE-2008-3014] Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
| [CVE-2008-3013] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
| [CVE-2008-3012] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
| [CVE-2008-3009] Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
| [CVE-2008-3007] Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."
| [CVE-2008-3006] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
| [CVE-2008-3005] Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
| [CVE-2008-3004] Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3
| [CVE-2008-3003] Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
| [CVE-2008-2752] Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.
| [CVE-2008-2540] Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
| [CVE-2008-2463] The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
| [CVE-2008-2252] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
| [CVE-2008-2251] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.
| [CVE-2008-2250] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."
| [CVE-2008-2249] Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
| [CVE-2008-2246] Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
| [CVE-2008-2245] Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
| [CVE-2008-2244] Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
| [CVE-2008-1898] A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
| [CVE-2008-1888] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
| [CVE-2008-1547] Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
| [CVE-2008-1457] The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
| [CVE-2008-1456] Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
| [CVE-2008-1455] A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1
| [CVE-2008-1454] Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
| [CVE-2008-1451] The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
| [CVE-2008-1446] Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
| [CVE-2008-1445] Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
| [CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
| [CVE-2008-1441] Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
| [CVE-2008-1440] Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
| [CVE-2008-1436] Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
| [CVE-2008-1435] Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
| [CVE-2008-1434] Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
| [CVE-2008-1092] Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
| [CVE-2008-1091] Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
| [CVE-2008-1090] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
13365| [CVE-2008-1089] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
13366| [CVE-2008-1088] Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
13367| [CVE-2008-1087] Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
13368| [CVE-2008-1086] The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
13369| [CVE-2008-1084] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
13370| [CVE-2008-1083] Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
13371| [CVE-2008-0121] A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
13372| [CVE-2008-0120] Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."
13373| [CVE-2008-0119] Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
13374| [CVE-2008-0118] Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
13375| [CVE-2008-0117] Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
13376| [CVE-2008-0116] Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."
13377| [CVE-2008-0115] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
13378| [CVE-2008-0114] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
13379| [CVE-2008-0113] Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."
13380| [CVE-2008-0112] Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
13381| [CVE-2008-0111] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."
13382| [CVE-2008-0110] Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and SP3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
13383| [CVE-2008-0109] Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
13384| [CVE-2008-0108] Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
13385| [CVE-2008-0106] Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
13386| [CVE-2008-0105] Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
13387| [CVE-2008-0104] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
13388| [CVE-2008-0103] Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
13389| [CVE-2008-0102] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
13390| [CVE-2008-0088] Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
13391| [CVE-2008-0087] The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
13392| [CVE-2008-0086] Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
13393| [CVE-2008-0083] The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
13394| [CVE-2008-0081] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
13395| [CVE-2008-0080] Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
13396| [CVE-2008-0020] Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.
13397| [CVE-2008-0015] Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
13398| [CVE-2008-0011] Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
13399| [CVE-2007-6753] Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.
13400| [CVE-2007-6357] Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.
13401| [CVE-2007-6329] Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
13402| [CVE-2007-6043] The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
13403| [CVE-2007-6026] Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
13404| [CVE-2007-5587] Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
13405| [CVE-2007-5352] Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
13406| [CVE-2007-5348] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
13407| [CVE-2007-4991] The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.
13408| [CVE-2007-4916] Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
13409| [CVE-2007-4814] Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
13410| [CVE-2007-3930] Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
13411| [CVE-2007-3924] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape
13412| [CVE-2007-3899] Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."
13413| [CVE-2007-3898] The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
13414| [CVE-2007-3896] The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
13415| [CVE-2007-3890] Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
13416| [CVE-2007-3670] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
13417| [CVE-2007-3490] Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.
13418| [CVE-2007-3300] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.
13419| [CVE-2007-3040] Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.
13420| [CVE-2007-3039] Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
13421| [CVE-2007-3036] Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
13422| [CVE-2007-3034] Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
13423| [CVE-2007-3030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".
13424| [CVE-2007-3029] Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
13425| [CVE-2007-3028] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
13426| [CVE-2007-2999] Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
13427| [CVE-2007-2967] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
13428| [CVE-2007-2966] Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.
13429| [CVE-2007-2903] Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
13430| [CVE-2007-2593] The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
13431| [CVE-2007-2581] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.
13432| [CVE-2007-2374] Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
13433| [CVE-2007-2228] rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
13434| [CVE-2007-2224] Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.
13435| [CVE-2007-2221] Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
13436| [CVE-2007-2219] Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
13437| [CVE-2007-2218] Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
13438| [CVE-2007-2217] Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
13439| [CVE-2007-1911] Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.
13440| [CVE-2007-1910] Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.
13441| [CVE-2007-1765] Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038
13442| [CVE-2007-1756] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".
13443| [CVE-2007-1754] PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".
13444| [CVE-2007-1748] Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
13445| [CVE-2007-1747] Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.
13446| [CVE-2007-1645] Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
13447| [CVE-2007-1537] \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.
13448| [CVE-2007-1512] Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.
13449| [CVE-2007-1347] Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
13450| [CVE-2007-1239] Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.
13451| [CVE-2007-1238] Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.
13452| [CVE-2007-1215] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
13453| [CVE-2007-1214] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
13454| [CVE-2007-1213] The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
13455| [CVE-2007-1212] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
13456| [CVE-2007-1211] Unspecified kernel GDI functions in Microsoft Windows 2000 SP4
13457| [CVE-2007-1205] Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
13458| [CVE-2007-1203] Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
13459| [CVE-2007-1202] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."
13460| [CVE-2007-1201] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
13461| [CVE-2007-1117] Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
13462| [CVE-2007-1090] Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.
13463| [CVE-2007-1083] Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
13464| [CVE-2007-0948] Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
13465| [CVE-2007-0947] Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
13466| [CVE-2007-0946] Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
13467| [CVE-2007-0945] Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4
13468| [CVE-2007-0944] Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
13469| [CVE-2007-0942] Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
13470| [CVE-2007-0940] Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
13471| [CVE-2007-0939] Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
13472| [CVE-2007-0938] Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
13473| [CVE-2007-0936] Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
13474| [CVE-2007-0934] Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
13475| [CVE-2007-0913] Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
13476| [CVE-2007-0870] Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.
13477| [CVE-2007-0843] The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
13478| [CVE-2007-0811] Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
13479| [CVE-2007-0671] Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
13480| [CVE-2007-0612] Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll
13481| [CVE-2007-0515] Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.
13482| [CVE-2007-0351] Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.
13483| [CVE-2007-0221] Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."
13484| [CVE-2007-0220] Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
13485| [CVE-2007-0216] wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
13486| [CVE-2007-0215] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.
13487| [CVE-2007-0214] The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
13488| [CVE-2007-0213] Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
13489| [CVE-2007-0211] The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
13490| [CVE-2007-0209] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.
13491| [CVE-2007-0208] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.
13492| [CVE-2007-0069] Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
13493| [CVE-2007-0066] The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
13494| [CVE-2007-0065] Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
13495| [CVE-2007-0064] Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
13496| [CVE-2007-0043] The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
13497| [CVE-2007-0042] Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
13498| [CVE-2007-0041] The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
13499| [CVE-2007-0040] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
13500| [CVE-2007-0039] The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
13501| [CVE-2007-0038] Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765
13502| [CVE-2007-0035] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
13503| [CVE-2007-0034] Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."
13504| [CVE-2007-0033] Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
13505| [CVE-2007-0031] Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.
13506| [CVE-2007-0030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.
13507| [CVE-2007-0029] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."
13508| [CVE-2007-0028] Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.
13509| [CVE-2007-0027] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
13510| [CVE-2007-0026] The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
13511| [CVE-2007-0025] The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
13512| [CVE-2007-0024] Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
13513| [CVE-2006-7210] Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
13514| [CVE-2006-7192] Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
13515| [CVE-2006-7027] Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.
13516| [CVE-2006-6723] The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.
13517| [CVE-2006-6696] Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
13518| [CVE-2006-6617] projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
13519| [CVE-2006-6561] Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.
13520| [CVE-2006-6456] Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.
13521| [CVE-2006-6296] The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
13522| [CVE-2006-6134] Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
13523| [CVE-2006-6133] Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
13524| [CVE-2006-5994] Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.
13525| [CVE-2006-5758] The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
13526| [CVE-2006-5586] The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
13527| [CVE-2006-5585] The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
13528| [CVE-2006-5584] The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
13529| [CVE-2006-5583] Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
13530| [CVE-2006-5574] Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.
13531| [CVE-2006-5296] PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.
13532| [CVE-2006-4854] ** REJECT ** Unspecified vulnerability in Microsoft Office 2000 (Chinese Edition) and Microsoft PowerPoint 2000 (Chinese Edition) allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as Trojan.PPDropper.E. NOTE: on 20060919, Microsoft notified CVE that this is a duplicate of CVE-2006-0009.
13533| [CVE-2006-4704] Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
13534| [CVE-2006-4702] Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
13535| [CVE-2006-4696] Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
13536| [CVE-2006-4695] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
13537| [CVE-2006-4694] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
13538| [CVE-2006-4693] Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.
13539| [CVE-2006-4692] Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
13540| [CVE-2006-4691] Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
13541| [CVE-2006-4689] Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
13542| [CVE-2006-4688] Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
13543| [CVE-2006-4534] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.
13544| [CVE-2006-4495] Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
13545| [CVE-2006-4274] ** REJECT ** Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as TROJ_MDROPPER.BH. NOTE: on 20060822, it was determined that TROJ_MDROPPER.BH was exploiting CVE-2006-0009, so this is not a new vulnerability.
13546| [CVE-2006-4219] The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
13547| [CVE-2006-4183] Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.
13548| [CVE-2006-4071] Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
13549| [CVE-2006-3992] Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption.
13550| [CVE-2006-3942] The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research
13551| [CVE-2006-3897] Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
13552| [CVE-2006-3880] ** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."
13553| [CVE-2006-3877] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
13554| [CVE-2006-3876] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
13555| [CVE-2006-3875] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867.
13556| [CVE-2006-3873] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
13557| [CVE-2006-3869] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
13558| [CVE-2006-3868] Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.
13559| [CVE-2006-3867] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875.
13560| [CVE-2006-3864] Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
13561| [CVE-2006-3841] Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.
13562| [CVE-2006-3660] Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different.
13563| [CVE-2006-3656] Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
13564| [CVE-2006-3655] Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
13565| [CVE-2006-3652] Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties.
13566| [CVE-2006-3651] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.
13567| [CVE-2006-3650] Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.
13568| [CVE-2006-3649] Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
13569| [CVE-2006-3648] Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."
13570| [CVE-2006-3647] Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.
13571| [CVE-2006-3643] Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
13572| [CVE-2006-3590] mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.
13573| [CVE-2006-3510] The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
13574| [CVE-2006-3493] Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
13575| [CVE-2006-3449] Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
13576| [CVE-2006-3448] Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.
13577| [CVE-2006-3445] Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.
13578| [CVE-2006-3444] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
13579| [CVE-2006-3443] Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
13580| [CVE-2006-3441] Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
13581| [CVE-2006-3440] Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
13582| [CVE-2006-3439] Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
13583| [CVE-2006-3436] Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
13584| [CVE-2006-3435] PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
13585| [CVE-2006-3434] Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.
13586| [CVE-2006-3431] Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.
13587| [CVE-2006-3059] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
13588| [CVE-2006-2492] Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
13589| [CVE-2006-2389] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.
13590| [CVE-2006-2388] Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.
13591| [CVE-2006-2387] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875.
13592| [CVE-2006-2380] Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
13593| [CVE-2006-2379] Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
13594| [CVE-2006-2378] Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
13595| [CVE-2006-2374] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
13596| [CVE-2006-2373] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
13597| [CVE-2006-2372] Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
13598| [CVE-2006-2371] Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
13599| [CVE-2006-2370] Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
13600| [CVE-2006-2334] The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
13601| [CVE-2006-2094] Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
13602| [CVE-2006-2055] Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
13603| [CVE-2006-1654] Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
13604| [CVE-2006-1651] ** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol."
13605| [CVE-2006-1540] MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll
13606| [CVE-2006-1316] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389.
13607| [CVE-2006-1315] The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
13608| [CVE-2006-1314] Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.
13609| [CVE-2006-1313] Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
13610| [CVE-2006-1311] The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1
13611| [CVE-2006-1309] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.
13612| [CVE-2006-1308] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.
13613| [CVE-2006-1306] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."
13614| [CVE-2006-1305] Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.
13615| [CVE-2006-1304] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
13616| [CVE-2006-1302] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."
13617| [CVE-2006-1301] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.
13618| [CVE-2006-1300] Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
13619| [CVE-2006-1257] The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.
13620| [CVE-2006-1193] Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
13621| [CVE-2006-1184] Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
13622| [CVE-2006-0988] The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
13623| [CVE-2006-0935] Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.
13624| [CVE-2006-0187] By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.
13625| [CVE-2006-0034] Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.
13626| [CVE-2006-0033] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.
13627| [CVE-2006-0032] Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
13628| [CVE-2006-0031] Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.
13629| [CVE-2006-0030] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.
13630| [CVE-2006-0029] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
13631| [CVE-2006-0028] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.
13632| [CVE-2006-0023] Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.
13633| [CVE-2006-0022] Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
13634| [CVE-2006-0021] Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
13635| [CVE-2006-0020] An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
13636| [CVE-2006-0015] Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
13637| [CVE-2006-0013] Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
13638| [CVE-2006-0012] Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
13639| [CVE-2006-0010] Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
13640| [CVE-2006-0009] Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
13641| [CVE-2006-0008] The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.
13642| [CVE-2006-0007] Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.
13643| [CVE-2006-0006] Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
13644| [CVE-2006-0004] Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
13645| [CVE-2006-0002] Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
13646| [CVE-2006-0001] Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
13647| [CVE-2005-4717] Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
13648| [CVE-2005-4269] mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
13649| [CVE-2005-4131] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.
13650| [CVE-2005-3981] ** DISPUTED ** NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.
13651| [CVE-2005-3945] The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.
13652| [CVE-2005-3644] PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
13653| [CVE-2005-3177] CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed.
13654| [CVE-2005-3176] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.
13655| [CVE-2005-3175] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.
13656| [CVE-2005-3174] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
13657| [CVE-2005-3173] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
13658| [CVE-2005-3172] The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks.
13659| [CVE-2005-3171] Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings.
13660| [CVE-2005-3170] The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.
13661| [CVE-2005-3169] Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection.
13662| [CVE-2005-3168] The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template.
13663| [CVE-2005-2122] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.
13664| [CVE-2005-2120] Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
13665| [CVE-2005-2118] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
13666| [CVE-2005-2117] Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
13667| [CVE-2005-1985] The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
13668| [CVE-2005-1984] Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.
13669| [CVE-2005-1983] Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
13670| [CVE-2005-1982] Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
13671| [CVE-2005-1981] Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
13672| [CVE-2005-1907] The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic.
13673| [CVE-2005-1683] Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.
13674| [CVE-2005-1218] The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
13675| [CVE-2005-1216] Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.
13676| [CVE-2005-1215] Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.
13677| [CVE-2005-1208] Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
13678| [CVE-2005-1207] Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.
13679| [CVE-2005-1206] Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
13680| [CVE-2005-1205] The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
13681| [CVE-2005-1052] Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.
13682| [CVE-2005-0921] Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy.
13683| [CVE-2005-0820] Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
13684| [CVE-2005-0738] Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.
13685| [CVE-2005-0564] Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
13686| [CVE-2005-0558] Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.
13687| [CVE-2005-0551] Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
13688| [CVE-2005-0550] Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
13689| [CVE-2005-0545] Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.
13690| [CVE-2005-0063] The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
13691| [CVE-2005-0061] The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
13692| [CVE-2005-0060] Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.
13693| [CVE-2005-0059] Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
13694| [CVE-2005-0058] Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.
13695| [CVE-2005-0048] Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
13696| [CVE-2004-2527] The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
13697| [CVE-2004-2482] Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.
13698| [CVE-2004-2365] Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.
13699| [CVE-2004-2339] ** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed.
13700| [CVE-2004-1080] The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
13701| [CVE-2004-0963] Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.
13702| [CVE-2004-0897] The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
13703| [CVE-2004-0892] Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
13704| [CVE-2004-0846] Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
13705| [CVE-2004-0840] The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
13706| [CVE-2004-0728] The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
13707| [CVE-2004-0726] The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.
13708| [CVE-2004-0575] Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
13709| [CVE-2004-0574] The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
13710| [CVE-2004-0573] Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
13711| [CVE-2004-0540] Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
13712| [CVE-2004-0503] Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502.
13713| [CVE-2004-0379] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts.
13714| [CVE-2004-0284] Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
13715| [CVE-2004-0214] Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
13716| [CVE-2004-0211] The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
13717| [CVE-2004-0210] The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
13718| [CVE-2004-0209] Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
13719| [CVE-2004-0208] The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
13720| [CVE-2004-0207] "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.
13721| [CVE-2004-0206] Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
13722| [CVE-2004-0204] Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
13723| [CVE-2004-0202] IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
13724| [CVE-2004-0201] Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
13725| [CVE-2004-0199] Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
13726| [CVE-2004-0124] The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
13727| [CVE-2004-0121] Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
13728| [CVE-2004-0120] The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
13729| [CVE-2004-0116] An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
13730| [CVE-2003-1378] Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
13731| [CVE-2003-1106] The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.
13732| [CVE-2003-0908] The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
13733| [CVE-2003-0906] Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
13734| [CVE-2003-0904] Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
13735| [CVE-2003-0839] Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
13736| [CVE-2003-0825] The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
13737| [CVE-2003-0824] Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
13738| [CVE-2003-0822] Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
13739| [CVE-2003-0821] Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
13740| [CVE-2003-0820] Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
13741| [CVE-2003-0819] Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
13742| [CVE-2003-0818] Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
13743| [CVE-2003-0807] Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
13744| [CVE-2003-0806] Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
13745| [CVE-2003-0719] Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
13746| [CVE-2003-0665] Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
13747| [CVE-2003-0664] Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
13748| [CVE-2003-0662] Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
13749| [CVE-2003-0660] The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval.
13750| [CVE-2003-0533] Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
13751| [CVE-2003-0526] Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
13752| [CVE-2003-0506] Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation.
13753| [CVE-2003-0505] Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.
13754| [CVE-2003-0496] Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
| [CVE-2003-0352] Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
| [CVE-2003-0345] Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
| [CVE-2003-0232] Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
| [CVE-2003-0231] Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
| [CVE-2003-0230] Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
| [CVE-2003-0227] The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
| [CVE-2003-0118] SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
| [CVE-2003-0117] Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.
| [CVE-2003-0110] The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
| [CVE-2003-0109] Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
| [CVE-2003-0011] Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
| [CVE-2003-0007] Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."
| [CVE-2003-0003] Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
| [CVE-2003-0002] Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
| [CVE-2002-2101] Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
| [CVE-2002-2100] Microsoft Outlook 2002 allows remote attackers to bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
| [CVE-2002-1984] Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
| [CVE-2002-1981] Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
| [CVE-2002-1933] The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window.
| [CVE-2002-1932] Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
| [CVE-2002-1876] Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
| [CVE-2002-1873] Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
| [CVE-2002-1872] Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
| [CVE-2002-1776] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed.
| [CVE-2002-1712] Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
| [CVE-2002-1256] The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
| [CVE-2002-1255] Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."
| [CVE-2002-1214] Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
| [CVE-2002-1184] The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
| [CVE-2002-1145] The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
| [CVE-2002-1141] An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
| [CVE-2002-1140] The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
| [CVE-2002-1138] Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
| [CVE-2002-1137] Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
| [CVE-2002-1123] Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
| [CVE-2002-1117] Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
| [CVE-2002-1056] Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
| [CVE-2002-0982] Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.
| [CVE-2002-0975] Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary code via a long File parameter.
| [CVE-2002-0863] Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
| [CVE-2002-0861] Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.
| [CVE-2002-0860] The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
| [CVE-2002-0859] Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
| [CVE-2002-0729] Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
| [CVE-2002-0727] The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
| [CVE-2002-0724] Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
| [CVE-2002-0721] Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
| [CVE-2002-0719] SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.
| [CVE-2002-0718] Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."
| [CVE-2002-0700] Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
| [CVE-2002-0699] Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.
| [CVE-2002-0695] Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
| [CVE-2002-0694] The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
| [CVE-2002-0693] Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
| [CVE-2002-0692] Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
| [CVE-2002-0650] The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.
| [CVE-2002-0649] Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
| [CVE-2002-0645] SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.
| [CVE-2002-0644] Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
| [CVE-2002-0643] The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."
| [CVE-2002-0642] The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
| [CVE-2002-0641] Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
| [CVE-2002-0624] Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
| [CVE-2002-0623] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".
| [CVE-2002-0622] The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
| [CVE-2002-0621] Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.
| [CVE-2002-0620] Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API.
| [CVE-2002-0619] The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
| [CVE-2002-0618] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
| [CVE-2002-0617] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
| [CVE-2002-0616] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
| [CVE-2002-0597] LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.
| [CVE-2002-0444] Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
| [CVE-2002-0443] Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
| [CVE-2002-0373] The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
| [CVE-2002-0371] Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
| [CVE-2002-0368] The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."
| [CVE-2002-0224] The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
| [CVE-2002-0187] Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
| [CVE-2002-0186] Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
| [CVE-2002-0154] Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
| [CVE-2002-0152] Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
| [CVE-2002-0055] SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
| [CVE-2002-0054] SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
| [CVE-2002-0050] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.
| [CVE-2002-0049] Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
| [CVE-2002-0034] The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
| [CVE-2002-0018] In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from the trusted domain.
| [CVE-2001-1533] ** DISPUTED ** Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE.
| [CVE-2001-1451] Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests.
| [CVE-2001-1319] Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
| [CVE-2001-1099] The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
| [CVE-2001-0986] SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
| [CVE-2001-0718] Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.
| [CVE-2001-0666] Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
| [CVE-2001-0658] Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.
| [CVE-2001-0628] Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
| [CVE-2001-0547] Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
| [CVE-2001-0546] Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.
| [CVE-2001-0542] Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
| [CVE-2001-0538] Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
| [CVE-2001-0509] Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
| [CVE-2001-0505] Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.
| [CVE-2001-0504] Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.
| [CVE-2001-0501] Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.
| [CVE-2001-0351] Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
| [CVE-2001-0350] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
| [CVE-2001-0349] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
| [CVE-2001-0348] Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
| [CVE-2001-0347] Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
| [CVE-2001-0346] Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
| [CVE-2001-0345] Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
| [CVE-2001-0344] An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
| [CVE-2001-0340] An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
| [CVE-2001-0261] Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
| [CVE-2001-0245] Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
| [CVE-2001-0244] Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.
| [CVE-2001-0240] Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.
| [CVE-2001-0239] Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
| [CVE-2001-0237] Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
| [CVE-2001-0146] IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URLs.
| [CVE-2001-0048] The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability.
| [CVE-2001-0005] Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
| [CVE-2001-0003] Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
| [CVE-2000-1218] The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
| [CVE-2000-1217] Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability.
| [CVE-2000-1209] The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
| [CVE-2000-1139] The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
| [CVE-2000-1088] The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
| [CVE-2000-1087] The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
| [CVE-2000-1086] The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
13886| [CVE-2000-1085] The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
13887| [CVE-2000-1079] Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
13888| [CVE-2000-0942] The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
13889| [CVE-2000-0854] When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
13890| [CVE-2000-0771] Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
13891| [CVE-2000-0765] Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
13892| [CVE-2000-0756] Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
13893| [CVE-2000-0710] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
13894| [CVE-2000-0709] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
13895| [CVE-2000-0637] Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.
13896| [CVE-2000-0621] Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
13897| [CVE-2000-0597] Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
13898| [CVE-2000-0331] Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
13899| [CVE-2000-0277] Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.
13900| [CVE-2013-2557] The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
13901| [CVE-2013-2556] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
13902| [CVE-2013-2554] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787.
13903| [CVE-2013-2553] Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912.
13904| [CVE-2013-2552] Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
13905| [CVE-2013-2551] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
13906| [CVE-2013-1347] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
13907| [CVE-2013-1305] HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
13908| [CVE-2013-1290] Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
13909| [CVE-2013-1289] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
13910| [CVE-2013-1284] Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
13911| [CVE-2013-0096] Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."
13912| [CVE-2013-0086] Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
13913| [CVE-2013-0085] Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
13914| [CVE-2013-0084] Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."
13915| [CVE-2013-0083] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."
13916| [CVE-2013-0080] Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."
13917| [CVE-2013-0079] Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
13918| [CVE-2013-0005] The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
13919| [CVE-2012-4969] Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
13920| [CVE-2012-4792] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
13921| [CVE-2012-3456] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
13922| [CVE-2012-3455] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
13923| [CVE-2012-2290] The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel.
13924| [CVE-2012-2284] The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors.
13925| [CVE-2012-1945] Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.
13926| [CVE-2012-1894] Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability."
13927| [CVE-2012-1892] Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
13928| [CVE-2012-1891] Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
13929| [CVE-2012-1888] Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."
13930| [CVE-2012-1876] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
13931| [CVE-2012-1861] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
13932| [CVE-2012-1859] Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
13933| [CVE-2012-1857] Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."
13934| [CVE-2012-1849] Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."
13935| [CVE-2012-1545] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
13936| [CVE-2012-1436] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
13937| [CVE-2012-1435] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
13938| [CVE-2012-1434] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
13939| [CVE-2012-1433] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
13940| [CVE-2012-0447] Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.
13941| [CVE-2012-0147] Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."
13942| [CVE-2012-0146] Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."
13943| [CVE-2012-0145] Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
13944| [CVE-2012-0144] Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
13945| [CVE-2012-0138] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.
13946| [CVE-2012-0137] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138.
13947| [CVE-2012-0136] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138.
13948| [CVE-2012-0020] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
13949| [CVE-2012-0019] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
13950| [CVE-2012-0018] Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."
13951| [CVE-2012-0017] Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
13952| [CVE-2011-4695] Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
13953| [CVE-2011-2012] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."
13954| [CVE-2011-2010] The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."
13955| [CVE-2011-1969] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."
13956| [CVE-2011-1897] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."
13957| [CVE-2011-1896] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."
13958| [CVE-2011-1895] CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
13959| [CVE-2011-1891] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
13960| [CVE-2011-1890] Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
13961| [CVE-2011-1889] The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
13962| [CVE-2011-1417] Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
13963| [CVE-2011-1347] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
13964| [CVE-2011-1346] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
13965| [CVE-2011-1345] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
13966| [CVE-2011-1265] The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."
13967| [CVE-2011-0653] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
13968| [CVE-2011-0647] The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.
13969| [CVE-2011-0627] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
13970| [CVE-2011-0037] Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
13971| [CVE-2011-0027] Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
13972| [CVE-2011-0026] Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
13973| [CVE-2010-4643] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
13974| [CVE-2010-4253] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.
13975| [CVE-2010-4121] ** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only."
13976| [CVE-2010-3967] Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."
13977| [CVE-2010-3962] Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
13978| [CVE-2010-3936] Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."
13979| [CVE-2010-3889] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers.
13980| [CVE-2010-3888] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.
13981| [CVE-2010-3497] Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."
13982| [CVE-2010-3454] Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
13983| [CVE-2010-3453] The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
13984| [CVE-2010-3141] Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.
13985| [CVE-2010-2743] The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
13986| [CVE-2010-2734] Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability."
13987| [CVE-2010-2733] Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."
13988| [CVE-2010-2732] Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."
13989| [CVE-2010-2564] Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
13990| [CVE-2010-1184] The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2.
13991| [CVE-2010-1118] Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
13992| [CVE-2010-1117] Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
13993| [CVE-2010-0806] Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
13994| [CVE-2010-0716] _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
13995| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
13996| [CVE-2008-5750] Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
13997| [CVE-2008-5556] ** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
13998| [CVE-2008-5555] Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
13999| [CVE-2008-5554] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
14000| [CVE-2008-5553] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
14001| [CVE-2008-5552] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
14002| [CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
14003| [CVE-2008-5180] Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
14004| [CVE-2008-4211] Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
14005| [CVE-2007-5351] Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
14006| [CVE-2007-2729] Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
14007| [CVE-2007-1534] DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.
14008| [CVE-2007-0341] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
14009| [CVE-2006-5559] The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
14010| [CVE-2006-4686] Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
14011| [CVE-2006-4685] The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
14012| [CVE-2006-1359] Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
14013| [CVE-2006-0761] Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchangem, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device.
14014| [CVE-2006-0753] Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
14015| [CVE-2006-0544] urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash of hyphen) characters.
14016| [CVE-2006-0003] Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
14017| [CVE-2005-1929] Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.
14018| [CVE-2005-0852] Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.
14019| [CVE-2004-1322] Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages.
14020| [CVE-2003-1306] Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
14021| [CVE-2003-0903] Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
14022| [CVE-2003-0353] Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
14023| [CVE-2002-1918] Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
14024| [CVE-2002-1142] Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
14025| [CVE-2002-1015] RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
14026| [CVE-2002-0697] Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
14027| [CVE-2002-0057] XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
14028| [CVE-2001-1218] Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
14029| [CVE-2000-0563] The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
14030| [CVE-1999-1097] Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
14031|
14032| SecurityFocus - https://www.securityfocus.com/bid/:
14033| [83154] Microsoft Windows 2000 Server CVE-2004-0540 Remote Security Vulnerability
14034| [45297] Microsoft Exchange Server 2007 Infinite Loop Remote Denial of Service Vulnerability
14035| [43419] Microsoft Excel 2002 Memory Corruption Vulnerability
14036| [43189] Microsoft Visual C++ 2008 Redistributable Package DLL Loading Arbitrary Code Execution Vulnerability
14037| [42742] Microsoft PowerPoint 2007 Multiple DLL Loading Arbitrary Code Execution Vulnerability
14038| [42695] Microsoft Groove 2007 'mso.dll' DLL Loading Arbitrary Code Execution Vulnerability
14039| [42681] Microsoft Visio 2003 'mfc71enu.dll' DLL Loading Arbitrary Code Execution Vulnerability
14040| [41843] Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability
14041| [39776] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
14042| [37196] RETIRED: Microsoft December 2009 Advance Notification Multiple Vulnerabilities
14043| [36940] RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
14044| [36633] RETIRED: Microsoft October 2009 Advance Notification Multiple Vulnerabilities
14045| [36239] RETIRED: Microsoft September 2009 Advance Notification Multiple Vulnerabilities
14046| [35974] RETIRED: Microsoft August 2009 Advance Notification Multiple Vulnerabilities
14047| [35617] RETIRED: Microsoft July 2009 Advance Notification Multiple Vulnerabilities
14048| [35213] RETIRED: Microsoft June 2009 Advance Notification Multiple Vulnerabilities
14049| [34867] RETIRED: Microsoft May 2009 Advance Notification Multiple Vulnerabilities
14050| [34532] Microsoft IAG 2007 ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities
14051| [34469] Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
14052| [34450] RETIRED: Microsoft April 2009 Advance Notification Multiple Vulnerabilities
14053| [34005] RETIRED: Microsoft March 2009 Advance Notification Multiple Vulnerabilities
14054| [33639] RETIRED: Microsoft February 2009 Advance Notification Multiple Vulnerabilities
14055| [33170] RETIRED: Microsoft January 2009 Advance Notification Multiple Vulnerabilities
14056| [32632] RETIRED: Microsoft December 2008 Advance Notification Multiple Vulnerabilities
14057| [32153] Retired: Microsoft November 2008 Advance Notification Multiple Vulnerabilities
14058| [31667] Retired: Microsoft October 2008 Advance Notification Multiple Vulnerabilities
14059| [31129] RETIRED: Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
14060| [31014] RETIRED: Microsoft September 2008 Advance Notification Multiple Vulnerabilities
14061| [30593] RETIRED: Microsoft August 2008 Advance Notification Multiple Vulnerabilities
14062| [30075] RETIRED: Microsoft July 2008 Advance Notification Multiple Vulnerabilities
14063| [29576] RETIRED: Microsoft June 2008 Advance Notification Multiple Vulnerabilities
14064| [29108] RETIRED: Microsoft May 2008 Advance Notification Multiple Vulnerabilities
14065| [28598] RETIRED: Microsoft April 2008 Advance Notification Multiple Vulnerabilities
14066| [28124] Retired: Microsoft March 2008 Advance Notification Multiple Vulnerabilities
14067| [27674] RETIRED: Microsoft February 2008 Advance Notification Multiple Vulnerabilities
14068| [27119] RETIRED: Microsoft January 2008 Advance Notification Multiple Vulnerabilities
14069| [26739] RETIRED: Microsoft December 2007 Advance Notification Multiple Vulnerabilities
14070| [26414] Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerabilities
14071| [26380] Retired: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
14072| [25991] RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
14073| [25922] RETIRED: Microsoft October 2007 Advance Notification Multiple Vulnerabilities
14074| [25573] RETIRED: Microsoft September 2007 Advance Notification Multiple Vulnerabilities
14075| [25247] Retired: Microsoft August 2007 Advance Notification Multiple Vulnerabilities
14076| [24771] Retired: Microsoft July 2007 Advance Notification Multiple Vulnerabilities
14077| [24366] RETIRED: Microsoft June 2007 Advance Notification Multiple Vulnerabilities
14078| [24118] Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
14079| [23800] RETIRED: Microsoft May 2007 Advance Notification Multiple Vulnerabilities
14080| [23380] Microsoft Word 2007 WWLib.DLL Unspecified Document File Buffer Overflow Vulnerability
14081| [23335] RETIRED: Microsoft April 2007 Advance Notification Multiple Vulnerabilities
14082| [22716] Microsoft Office 2003 Denial of Service Vulnerability
14083| [22567] Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability
14084| [22328] RETIRED: Microsoft Word 2003 Unspecified Code Execution Vulnerability
14085| [22225] Microsoft Word 2000 Malformed Function Code Execution Vulnerability
14086| [21611] Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
14087| [21495] Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability
14088| [20843] Microsoft Visual Studio 2005 WMI Object Broker Remote Code Execution Vulnerability
14089| [19636] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
14090| [19388] Microsoft Windows 2000 Kernel Local Privilege Escalation Vulnerability
14091| [17134] Microsoft Commerce Server 2002 Authentication Bypass Vulnerability
14092| [16634] Microsoft PowerPoint 2000 Remote Information Disclosure Vulnerability
14093| [14772] Microsoft Exchange Server 2003 Exchange Information Store Denial Of Service Vulnerability
14094| [14093] Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
14095| [13564] Microsoft SQL Server 2000 Multiple Vulnerabilities
14096| [13008] Microsoft Windows Server 2003 SMB Redirector Local Denial Of Service Vulnerability
14097| [12972] Microsoft Windows Server 2003 Service Pack 1 Released - Multiple Vulnerabilities Fixed
14098| [12913] Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy Bypass Vulnerability
14099| [12824] Microsoft InfoPath 2003 Insecure Information Storage Vulnerability
14100| [12641] Microsoft Windows 2000 Group Policy Bypass Vulnerability
14101| [12141] Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
14102| [11820] Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities
14103| [11446] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
14104| [11387] Microsoft Windows 2003 Services Default SACL Access Right Weakness
14105| [10901] Microsoft Windows 2000/XP CRL File Failed Integrity Check Denial Of Service Vulnerability
14106| [10693] Microsoft Windows 2000 Media Player Control Media Preview Script Execution Vulnerability
14107| [10484] Microsoft ISA Server 2000 FTP Bounce Filtering Vulnerability
14108| [10480] Microsoft ISA Server 2000 Site And Content Rule Bypass Vulnerability
14109| [10440] Microsoft Windows 2000 Domain Expired Account Security Policy Violation Weakness
14110| [10369] Microsoft Outlook 2003 Media File Script Execution Vulnerability
14111| [10307] Microsoft Outlook 2003 Predictable File Location Weakness
14112| [10114] Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
14113| [9409] Microsoft Exchange Server 2003 Outlook Web Access Random Mailbox Access Vulnerability
14114| [9408] Microsoft ISA Server 2000 H.323 Filter Remote Buffer Overflow Vulnerability
14115| [9118] Microsoft Exchange Server 2003 Outlook Web Access Lowered Security Settings Weakness
14116| [8833] Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer Overflow Vulnerability
14117| [8522] Multiple Microsoft Windows 2003 Stack Protection Implementation Weaknesses
14118| [8397] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
14119| [8104] Microsoft Windows 2000 Unauthorized RPC Connection Weakness
14120| [8098] Microsoft Windows 2000 Terminal Services Named Pipe System Account Access Vulnerability
14121| [8093] Microsoft Windows 2000 Active Directory Forest Origin Validation Vulnerability
14122| [8090] Microsoft Windows 2000 ShellExecute() Buffer Overflow Vulnerability
14123| [8089] Microsoft Windows 2000 Unspecified Cryptnet.DLL Memory Leakage Vulnerability
14124| [8086] Microsoft Windows 2000 Port Name Buffers Potential Buffer Overflow Vulnerability
14125| [8085] Microsoft Windows 2000 ModifyDN Request Denial of Service Vulnerability
14126| [8083] Microsoft Windows 2000 Domain Controller Spoofing Vulnerability
14127| [8081] Microsoft Windows 2000 USBH_IoctlGetNodeConnectionDriverKeyName Information Disclosure Vulnerability
14128| [8063] Microsoft Commerce Server 2002 Weak Registry Key Permissions Weakness
14129| [8045] Microsoft Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
14130| [7930] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
14131| [7788] Microsoft Windows 2000/XP/2003 IPV6 ICMP Flood Denial Of Service Vulnerability
14132| [7469] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
14133| [7360] Microsoft Windows 2000/XP Registry Editor Custom Permissions Weakness
14134| [7102] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
14135| [6769] Microsoft Windows 2000 RPC Service Privilege Escalation Vulnerability
14136| [6766] Microsoft Windows 2000 NetBIOS Continuation Packets Kernel Memory Leak Vulnerability
14137| [6667] Microsoft Outlook 2002 V1 Exchange Server Security Certificate Information Leakage Vulnerability
14138| [6319] Microsoft Outlook 2002 Email Header Processing Denial of Service Vulnerability
14139| [6030] Microsoft Windows 2000 SNMP Printer Query Denial of Service Vulnerability
14140| [5972] Microsoft Windows 2000/XP Full Event Log Administrative Alert Weakness
14141| [5922] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
14142| [5480] Microsoft Windows 2000 Network Connection Manager Privilege Elevation Vulnerability
14143| [5422] Microsoft Content Management Server 2001 SQL Injection Vulnerability
14144| [5421] Microsoft Content Management Server 2001 Arbitrary Upload Location Vulnerability
14145| [5420] Microsoft Content Management Server 2001 User Authentication Buffer Overflow Vulnerability
14146| [5415] Microsoft Windows 2000 Insecure Default File Permissions Vulnerability
14147| [5413] Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability
14148| [5412] Microsoft Exchange 2000 Multiple MSRPC Denial Of Service Vulnerabilities
14149| [5312] Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
14150| [5311] Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
14151| [5310] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
14152| [5309] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
14153| [5307] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
14154| [5253] Microsoft Windows 2000 Narrator Password Disclosure Vulnerability
14155| [5205] Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
14156| [5111] Microsoft Commerce Server 2000 OWC Package Installer Local Command Execution Vulnerability
14157| [5014] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
14158| [4881] Microsoft Exchange 2000 Malformed Mail Attribute DoS Vulnerability
14159| [4853] Microsoft Commerce Server 2000 Profile Service Buffer Overflow Vulnerability
14160| [4852] Microsoft Windows 2000 Remote Access Service Buffer Overflow Vulnerability
14161| [4847] Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
14162| [4797] Microsoft MSDE/SQL Server 2000 Desktop Engine Default Configuration Vulnerability
14163| [4683] Microsoft Windows 2000 / NT Path Precedence Vulnerability
14164| [4532] Microsoft Windows 2000 Lanman Denial of Service Vulnerability
14165| [4438] Microsoft Windows 2000 Group Policy Evasion Vulnerability
14166| [4426] Microsoft Windows 2000 / NT / XP MUP UNC Request Buffer Overflow Vulnerability
14167| [4287] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
14168| [4256] Microsoft Windows 2000 Password Policy Bypass Vulnerability
14169| [4157] Microsoft Commerce Server 2000 ISAPI Buffer Overflow Vulnerability
14170| [4095] Microsoft Windows 2000 Server Terminal Services Failure To Lock Terminal Vulnerability
14171| [3652] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability
14172| [3481] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
14173| [3479] Microsoft Windows 2000 NTFS With Macintosh Client Directory Permission Vulnerability
14174| [3445] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
14175| [3339] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
14176| [3305] Norton AntiVirus for Microsoft Exchange 2000 Information Disclosure Vulnerability
14177| [3291] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
14178| [3215] Microsoft Windows 2000 IrDA Buffer Overflow Denial of Service Vulnerability
14179| [3185] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
14180| [3184] Microsoft Windows 2000 RunAs User Credentials Exposure Vulnerability
14181| [3146] Microsoft Windows 2000 System File Replacement Vulnerability
14182| [3115] Microsoft Windows NT and 2000 Command Prompt Reboot Vulnerability
14183| [3063] Microsoft Windows 2000 Unauthorized Password Change Vulnerability
14184| [3033] Microsoft Windows 2000 Task Manager Process Termination Vulnerability
14185| [2988] Microsoft Windows 2000 SMTP Improper Authentication Vulnerability
14186| [2929] Microsoft Windows 2000 LDAP SSL Password Modification Vulnerability
14187| [2849] Microsoft Windows 2000 Telnet Privilege Escalation Vulnerability
14188| [2846] Microsoft Windows 2000 Telnet System Call DoS Vulnerability
14189| [2844] Microsoft Windows 2000 Telnet Service DoS Vulnerability
14190| [2843] Microsoft Windows 2000 Telnet Multiple Sessions DoS Vulnerability
14191| [2838] Microsoft Windows 2000 Telnet Username DoS Vulnerability
14192| [2460] Microsoft Windows 2000 Event Viewer Buffer Overflow Vulnerability
14193| [2441] Microsoft Exchange 2000 / IIS 5.0 Multiple Invalid URL Request DoS Vulnerability
14194| [2394] Microsoft Windows 2000 Domain Controller DoS Vulnerability
14195| [2341] Microsoft Windows 2000 Network DDE Escalated Privileges Vulnerability
14196| [2326] Microsoft Windows 2000 RDP DoS Vulnerability
14197| [2133] Microsoft Windows 2000 Directory Services Restore Mode Blank Password Vulnerability
14198| [2066] Microsoft Windows NT 4.0 / 2000 SNMP Registry Key Modification Vulnerability
14199| [2018] Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability
14200| [2007] Microsoft Windows 2000 DNS Memory Leak Vulnerability
14201| [1973] Microsoft Windows 2000 Domain Account Lockout Bypass Vulnerability
14202| [1958] Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
14203| [1933] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
14204| [1899] Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability
14205| [1811] Microsoft Site Server 2.0 with IIS 4.0 Malicious File Upload Vulnerability
14206| [1758] Microsoft Windows 2000 Unattended Install OEMPreinstall Vulnerability
14207| [1753] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
14208| [1748] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
14209| [1745] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
14210| [1729] Microsoft Windows 2000 Simplified Chinese IME Vulnerability
14211| [1695] Microsoft Proxy 2.0 FTP Permissions Bypass Vulnerability
14212| [1692] Microsoft Proxy 2.0 Internal Network Access Vulnerability
14213| [1683] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
14214| [1673] Microsoft Windows 2000 Malformed RPC Packet DoS Vulnerability
14215| [1651] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
14216| [1632] Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
14217| [1620] Microsoft Windows 9x / NT 4.0 / 2000 NetBIOS Cache Corruption Vulnerability
14218| [1613] Microsoft Windows 2000 Local Security Policy Corruption Vulnerability
14219| [1566] Microsoft Word 97 / 2000 Mail Merge Code Execution Vulnerability
14220| [1561] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow Vulnerability
14221| [1535] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
14222| [1507] Microsoft Windows NT 4.0 / 2000 Unspecified Executable Path Vulnerability
14223| [1451] Microsoft Excel 97 / 2000 Register.ID Vulnerability
14224| [1435] Microsoft FrontPage 2000 Server Extensions Denial Of Service Vulnerability
14225| [1415] Microsoft Windows 2000 Remote CPU-overload Vulnerability
14226| [1414] Microsoft Windows 2000 Telnet Server DoS Vulnerability
14227| [1399] Microsoft Internet Explorer 5.01 and Excel/Powerpoint 2000 ActiveX Object Execution Vulnerability
14228| [1398] Microsoft Internet Explorer 5.01 and Access 2000 / 97 VBA Code Execution Vulnerability
14229| [1350] Microsoft Windows 2000 Windows Station Access Vulnerability
14230| [1304] Microsoft Windows NT 4.0 / 2000 SMB Write Request DoS Vulnerability
14231| [1301] Microsoft Windows NT 4.0 / 2000 Ignored SMB Response DoS Vulnerability
14232| [1295] Microsoft Windows 2000 Default 40-bit Encrypted Protected Store Vulnerability
14233| [1198] Microsoft Windows 2000 Default SYSKEY Configuration Vulnerability
14234| [1197] Microsoft Office 2000 UA Control Vulnerability
14235| [990] Microsoft Windows 2000 Install Unprotected ADMIN$ Share Vulnerability
14236| [945] Microsoft SMS 2.0 Default Permissions Vulnerability
14237| [539] Microsoft Windows 2000 EFS Vulnerability
14238| [180] Microsoft Windows April Fools 2001 Vulnerability
14239| [71487] Microsoft December 2014 Advance Notification Multiple Vulnerabilities
14240| [70966] RETIRED: Microsoft November 2014 Advance Notification Multiple Vulnerabilities
14241| [70367] RETIRED: Microsoft October 2014 Advance Notification Multiple Vulnerabilities
14242| [69636] RETIRED: Microsoft September 2014 Advance Notification Multiple Vulnerabilities
14243| [69108] Microsoft August 2014 Advance Notification Multiple Vulnerabilities
14244| [68367] Microsoft July 2014 Advance Notification Multiple Vulnerabilities
14245| [67905] Microsoft June 2014 Advance Notification Multiple Vulnerabilities
14246| [67298] Microsoft May 2014 Advance Notification Multiple Vulnerabilities
14247| [66639] RETIRED: Microsoft April 2014 Advance Notification Multiple Vulnerabilities
14248| [66016] Microsoft March 2014 Notification Multiple Vulnerabilities
14249| [65426] Microsoft February 2014 Notification Multiple Vulnerabilities
14250| [64757] RETIRED: Microsoft January 2014 Advance Notification Multiple Vulnerabilities
14251| [64083] RETIRED: Microsoft December 2013 Advance Notification Multiple Vulnerabilities
14252| [63604] RETIRED: Microsoft November 2013 Advance Notification Multiple Vulnerabilities
14253| [62797] RETIRED: Microsoft October 2013 Advance Notification Multiple Vulnerabilities
14254| [62228] RETIRED: Microsoft September 2013 Advance Notification Multiple Vulnerabilities
14255| [62181] Microsoft Office Pinyin IME 2010 CVE-2013-3859 Local Privilege Escalation Vulnerability
14256| [61686] Microsoft August 2013 Advance Notification Multiple Vulnerabilities
14257| [60960] RETIRED: Microsoft July 2013 Advance Notification Multiple Vulnerabilities
14258| [60394] Microsoft June 2013 Advance Notification Multiple Vulnerabilities
14259| [59785] RETIRED: Microsoft May 2013 Advance Notification Multiple Vulnerabilities
14260| [58881] RETIRED: Microsoft April 2013 Advance Notification Multiple Vulnerabilities
14261| [58380] RETIRED: Microsoft March 2013 Advance Notification Multiple Vulnerabilities
14262| [57846] RETIRED: Microsoft February 2013 Advance Notification Multiple Vulnerabilities
14263| [57137] RETIRED: Microsoft January 2013 Advance Notification Multiple Vulnerabilities
14264| [56838] RETIRED: Microsoft December 2012 Advance Notification Multiple Vulnerabilities
14265| [56450] RETIRED: Microsoft November 2012 Advance Notification Multiple Vulnerabilities
14266| [56304] Microsoft Office Excel 2010 Memory Corruption Denial of Service Vulnerability
14267| [55794] RETIRED: Microsoft October 2012 Advance Notification Multiple Vulnerabilities
14268| [55472] RETIRED: Microsoft September 2012 Advance Notification Multiple Vulnerabilities
14269| [54944] RETIRED: Microsoft August 2012 Advance Notification Multiple Vulnerabilities
14270| [54318] RETIRED: Microsoft July 2012 Advance Notification Multiple Vulnerabilities
14271| [53862] RETIRED: Microsoft June 2012 Advance Notification Multiple Vulnerabilities
14272| [53372] RETIRED: Microsoft May 2012 Advance Notification Multiple Vulnerabilities
14273| [52910] RETIRED: Microsoft April 2012 Advance Notification Multiple Vulnerabilities
14274| [52366] RETIRED: Microsoft March 2012 Advance Notification Multiple Vulnerabilities
14275| [51944] RETIRED: Microsoft February 2012 Advance Notification Multiple Vulnerabilities
14276| [51289] RETIRED: Microsoft January 2012 Advance Notification Multiple Vulnerabilities
14277| [50980] RETIRED: Microsoft December 2011 Advance Notification Multiple Vulnerabilities
14278| [50513] RETIRED: Microsoft November 2011 Advance Notification Multiple Vulnerabilities
14279| [49994] RETIRED: Microsoft October 2011 Advance Notification Multiple Vulnerabilities
14280| [49515] RETIRED: Microsoft September 2011 Advance Notification Multiple Vulnerabilities
14281| [49017] RETIRED: Microsoft August 2011 Advance Notification Multiple Vulnerabilities
14282| [48616] RETIRED: Microsoft July 2011 Advance Notification Multiple Vulnerabilities
14283| [48235] Microsoft Lync Server 2010 'ReachJoin.aspx' Remote Command Injection Vulnerability
14284| [48193] RETIRED: Microsoft June 2011 Advance Notification Multiple Vulnerabilities
14285| [47725] RETIRED: Microsoft May 2011 Advance Notification Multiple Vulnerabilities
14286| [47255] RETIRED: Microsoft April 2011 Advance Notification Multiple Vulnerabilities
14287| [46675] RETIRED: Microsoft March 2011 Advance Notification Multiple Vulnerabilities
14288| [46132] RETIRED: Microsoft February 2011 Advance Notification Multiple Vulnerabilities
14289| [45696] RETIRED: Microsoft January 2011 Advance Notification Multiple Vulnerabilities
14290| [45307] RETIRED: Microsoft December 2010 Advance Notification Multiple Vulnerabilities
14291| [44649] RETIRED: Microsoft November 2010 Advance Notification Multiple Vulnerabilities
14292| [43831] RETIRED: Microsoft October 2010 Advance Notification Multiple Vulnerabilities
14293| [43115] RETIRED: Microsoft September 2010 Advance Notification Multiple Vulnerabilities
14294| [42234] RETIRED: Microsoft August 2010 Advance Notification Multiple Vulnerabilities
14295| [41474] RETIRED: Microsoft July 2010 Advance Notification Multiple Vulnerabilities
14296| [40548] RETIRED: Microsoft June 2010 Advance Notification Multiple Vulnerabilities
14297| [39961] RETIRED: Microsoft May 2010 Advance Notification Multiple Vulnerabilities
14298| [39313] RETIRED: Microsoft April 2010 Advance Notification Multiple Vulnerabilities
14299| [38540] RETIRED: Microsoft March 2010 Advance Notification Multiple Vulnerabilities
14300| [38096] RETIRED: Microsoft February 2010 Advance Notification Multiple Vulnerabilities
14301| [37887] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
14302| [37664] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
14303| [32642] Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
14304|
14305| IBM X-Force - https://exchange.xforce.ibmcloud.com:
14306| [82417] Microsoft Windows Knowledge Base Article 2801261 update is not installed
14307| [82415] Microsoft Windows Knowledge Base Article 2807986 update is not installed
14308| [82410] Microsoft Windows Knowledge Base Article 2809289 update is not installed
14309| [81859] Microsoft Windows Knowledge Base Article 2802968 update is not installed
14310| [81857] Microsoft Windows Knowledge Base Article 2809279 update is not installed
14311| [81668] Microsoft Windows Knowledge Base Article 2800277 update is not installed
14312| [77323] Microsoft Windows Knowledge Base Article 2706045 update is not installed
14313| [75949] Microsoft Windows Knowledge Base Article 2707960 update is not installed
14314| [75942] Microsoft Windows Knowledge Base Article 2706726 update is not installed
14315| [75934] Microsoft Windows Knowledge Base Article 2709162 update is not installed
14316| [75926] Microsoft Windows Knowledge Base Article 2709100 update is not installed
14317| [75905] Microsoft Windows Knowledge Base Article 2707956 update is not installed
14318| [71991] Microsoft Windows Knowledge Base Article 2607664 update is not installed
14319| [71542] Microsoft Windows Knowledge Base Article 2607702 update is not installed
14320| [70945] Microsoft Windows Knowledge Base Article 2603381 update is not installed
14321| [70150] Microsoft Windows Knowledge Base Article 2607670 update is not installed
14322| [67755] Microsoft Windows Knowledge Base Article 2503665 update is not installed
14323| [67749] Microsoft Windows Knowledge Base Article 2507938 update is not installed
14324| [66845] Microsoft Windows Knowledge Base Article 2506014 update is not installed
14325| [66844] Microsoft Windows Knowledge Base Article 2501584 update is not installed
14326| [66448] Microsoft Windows Knowledge Base Article 2508272 update is not installed
14327| [66442] Microsoft Windows Knowledge Base Article 2509553 update is not installed
14328| [66440] Microsoft Windows Knowledge Base Article 2508429 update is not installed
14329| [66438] Microsoft Windows Knowledge Base Article 2507618 update is not installed
14330| [66430] Microsoft Windows Knowledge Base Article 2503658 update is not installed
14331| [66425] Microsoft Windows Knowledge Base Article 2506223 update is not installed
14332| [65570] Microsoft Windows Knowledge Base Article 2500212 update is not installed
14333| [65568] Microsoft Windows Knowledge Base Article 2508062 update is not installed
14334| [63840] Microsoft Visual C++ 2008 Redistributable Package dynamic-linked library (DLL) code execution
14335| [63780] Microsoft PowerPoint 2007 dynamic-linked library (rpawinet.dll) code execution
14336| [63775] Microsoft Visio 2003 dynamic-linked library (mfc71enu.dll) code execution
14337| [63586] Microsoft Windows Knowledge Base Article 2207559 update is not installed
14338| [63573] Microsoft Windows Knowledge Base Article 2407132 update is not installed
14339| [62797] Microsoft Windows Knowledge Base Article 2305420 update is not installed
14340| [62149] Microsoft Windows Knowledge Base Article 2207566 update is not installed
14341| [62133] Microsoft Windows Knowledge Base Article 2405882 update is not installed
14342| [53980] Microsoft Windows 2000 License Logging Server buffer overflow
14343| [53601] Microsoft Office 2008 for Mac user ID 502 security bypass
14344| [50973] Microsoft Windows Server 2003 and Vista win32k.sys denial of service
14345| [50759] Microsoft Windows 2000 Active Directory LDAP code execution
14346| [48595] Microsoft Word 2007 Email as PDF information disclosure
14347| [46102] Microsoft Windows 2003 SP2 is not installed on the system
14348| [46101] Microsoft Windows 2003 SP1 is not installed on the system
14349| [45186] Microsoft SQL Server 2000 SQLVDIRLib.SQLVDirControl ActiveX control buffer overflow
14350| [37200] Microsoft SQL Server 2000 Service Pack 1 update is not installed
14351| [37198] Microsoft SQL Server 2000 Service Pack 3 update is not installed
14352| [34634] Microsoft Windows Server 2003 Active Directory information disclosure
14353| [34599] Microsoft Windows Server 2003 terminal server security bypass
14354| [34473] Microsoft Office 2000 ActiveX control buffer overflow
14355| [33713] Microsoft Word 2007 multiple unspecified denial of service
14356| [33712] Microsoft Word 2007 wwlib.dll buffer overflow
14357| [32631] Microsoft SQL Server 2000 Service Pack 2 update is not installed
14358| [31821] Microsoft Windows time zone update for year 2007
14359| [31196] Microsoft Office 2003 Brazilian Grammar Checker buffer overflow
14360| [30905] Microsoft Project Server 2003 pdsrequest.asp information disclosure
14361| [29546] Microsoft Windows 2000/2003 user logoff initiated
14362| [29545] Microsoft Windows 2000/2003 system time changed
14363| [29544] Microsoft Windows 2000/2003 system security access removed
14364| [29543] Microsoft Windows 2000/2003 security access granted
14365| [29542] Microsoft Windows 2000/2003 SAM notification package loaded
14366| [29541] Microsoft Windows 2000/2003 primary security token issued
14367| [29540] Microsoft Windows 2000/2003 user password reset successful
14368| [29539] Microsoft Windows 2000/2003 object indirectly accessed
14369| [29538] Microsoft Windows 2000/2003 object handle duplicated
14370| [29537] Microsoft Windows 2000/2003 logon with explicit credentials success
14371| [29536] Microsoft Windows 2000/2003 logon attempt using explicit credentials unsuccessful
14372| [29535] Microsoft Windows 2000/2003 IPSEC policy agent failed
14373| [29534] Microsoft Windows 2000/2003 IPSEC policy agent disabled
14374| [29533] Microsoft Windows 2000/2003 IPSEC policy agent changed
14375| [29532] Microsoft Windows 2000/2003 IKE security association established
14376| [29531] Microsoft Windows 2000/2003 IKE quick mode association ended
14377| [29530] Microsoft Windows 2000/2003 IKE main mode association ended
14378| [29529] Microsoft Windows 2000/2003 IKE association negotiation failed
14379| [29528] Microsoft Windows 2000/2003 IKE association peer authentication failed
14380| [29527] Microsoft Windows 2000/2003 IKE association failed invalid proposal
14381| [29526] Microsoft Windows 2000/2003 IKE association failed authentication parameters
14382| [29525] Microsoft Windows 2000/2003 DPAPI master key backup attempted
14383| [29524] Microsoft Windows 2000/2003 DPAPI key recovery attempted
14384| [29523] Microsoft Windows 2000/2003 DPAPI auditable data unprotected
14385| [29522] Microsoft Windows 2000/2003 administrative group security descriptor set
14386| [29521] Microsoft Windows 2000/2003 account name changed
14387| [29507] Microsoft Office 2003 unspecified PowerPoint NULL pointer dereference denial of service
14388| [28512] Microsoft Internet Explorer multiple Windows 2000 COM object denial of service
14389| [28005] Microsoft Windows 2000 Management Console (MMC) resource file cross-site scripting
14390| [26118] Microsoft Office 2003 mailto: information disclosure
14391| [25330] Microsoft Commerce Server 2002 authfiles/login.asp authentication bypass
14392| [24474] Microsoft Windows 2000 LDAP client accepts untrusted CA
14393| [24473] Microsoft Windows 2000 event ID 565 not logged
14394| [24472] Microsoft Windows 2000 Event ID 1704 records incorrect group policy settings
14395| [24407] Microsoft Windows 2000 SECEDIT command fails to set ACLs correctly
14396| [24405] Microsoft Windows 2000 UPN credentials with trailing dot group policy bypass
14397| [24403] Microsoft Windows 2000 WideCharToMultiByte() incorrect Japanese character conversion
14398| [24402] Microsoft Windows 2000 Terminal Service client IP not logged
14399| [24400] Microsoft Windows 2000 domain authentication can be bypassed by a local administrator
14400| [23066] Microsoft Windows XP and 2000 Server MSRPC memory allocation denial of service
14401| [22318] Microsoft SQL Server 2000 Service Pack 4 update is not installed
14402| [22183] Microsoft Exchange Server 2003 public folder denial of service
14403| [21345] Microsoft Windows 2000 Update Rollup 1 for Service Pack 4 has not been installed
14404| [21315] Microsoft Outlook 2002 connector for Domino bypass restrictions
14405| [19969] Multiple Microsoft Windows Server 2003 Edition printer driver denial of service
14406| [19965] Multiple Microsoft Windows Server 2003 Editions SMB redirector denial of service
14407| [19727] Microsoft Windows 2000 GDI32.DLL denial of service
14408| [19629] Microsoft Exchange Server 2003 folder denial of service
14409| [17826] Microsoft Outlook 2003 CID security bypass
14410| [17624] Microsoft Windows XP and Windows Server 2003 Compressed Folders buffer overflow
14411| [17621] Microsoft Windows 2003 SMTP service code execution
14412| [17560] Microsoft Windows 2000 and XP GDI library denial of service
14413| [17521] Microsoft Windows 2000 Service Pack 4 is not installed
14414| [16913] Microsoft Windows 2003 users with Synchronize directory service data privilege
14415| [16912] Microsoft Windows 2003 groups with Synchronize directory service data privilege
14416| [16909] Microsoft Windows 2003 groups with Remove computer from docking station privilege
14417| [16907] Microsoft Windows 2003 users with Create global objects privilege
14418| [16905] Microsoft Windows 2003 users or groups with Create global objects privilege
14419| [16851] Microsoft Windows 2003 and XP WinKey and U key denial of service
14420| [16704] Microsoft Windows 2000 Media Player control code execution
14421| [16582] Microsoft Windows Server 2003 kernel CPU denial of service
14422| [16572] Microsoft Windows 2003 Users with Impersonate a client after authentication privilege
14423| [16570] Microsoft Windows 2003 Users with Create global objects privilege
14424| [16564] Microsoft Windows 2003 Groups with Create global objects privilege
14425| [16562] Microsoft Windows 2003 Groups with "
14426| [16522] Microsoft Windows 2003 Impersonate a client after authentication privilege
14427| [16521] Microsoft Windows 2003 Deny Logon Through Terminal Services privilege
14428| [16520] Microsoft Windows 2003 Create global objects privilege
14429| [16276] Microsoft Windows 2000 Advanced Server fully qualified domain name security bypass
14430| [16173] Microsoft Outlook 2003 OLE object bypass restricted security zone
14431| [16119] Microsoft Outlook 2000 URL spoofing
14432| [16104] Microsoft Outlook 2003 predictable file location could allow code execution
14433| [16095] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
14434| [15704] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
14435| [15700] Microsoft Windows 2000 Domain Controller LSASS LDAP message denial of service
14436| [15632] Microsoft Windows 2000 Utility Manger allows privilege escalation
14437| [15414] Microsoft Outlook 2002 mailto URL allows execution of code
14438| [15263] Microsoft Windows XP and 2000 Server kernel allows elevated privileges
14439| [15057] Microsoft Windows XP and Windows Server 2003 smbmount Linux client denial of service
14440| [15038] Microsoft Windows 2000 Server Windows Media Services denial of service
14441| [15037] Microsoft Windows Server 2003 WINS /GS flag denial of service
14442| [14178] Microsoft ISA Exchange Server 2003 MS04-002 patch is not installed
14443| [14167] Microsoft ISA Server 2000 H.323 filter buffer overflow
14444| [13426] Microsoft Windows 2000 and XP RPC race condition
14445| [13423] Microsoft Windows 2000 Local Troubleshooter ActiveX control buffer overflow
14446| [13407] Microsoft Windows 2000 Server mqsvc.exe MQLocateBegin packet buffer overflow
14447| [13385] Microsoft Windows Server 2003 "
14448| [13211] Microsoft Windows 2000 and XP URG memory leak
14449| [13171] Microsoft Windows Server 2003 can allow attacker to bypass mechanism used to detect buffer overflows
14450| [13131] Microsoft Windows 2000 Message Queue Manager buffer overflow
14451| [12684] Microsoft Exchange Server OWA Outlook 2003 denial of service
14452| [12652] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension POST request buffer overflow
14453| [12620] Microsoft Windows 2000 Server SMTP FILETIME denial of service
14454| [12543] Microsoft Windows 2000 Accessibility Utility Manager could allow an attacker to gain privileges
14455| [12493] Microsoft Windows Shell32.dll 2000 ShellExecute function buffer overflow
14456| [12489] Microsoft Windows 2000 Server Active Directory buffer overflow
14457| [12128] Microsoft Windows 2000 and Windows NT MS03-019 patch is not installed
14458| [12092] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension buffer overflow
14459| [12048] Microsoft Windows 2000 and Windows Server 2003 LAN Manager hash creation enabled
14460| [11901] Microsoft BizTalk Server 2002 SQL injection
14461| [11900] Microsoft BizTalk Server 2002 HTTP Receiver function buffer overflow
14462| [11816] Microsoft Windows 2000 Terminal Services MSGINA.DLL insecure access permissions
14463| [11696] Microsoft Windows 2000 Terminal Services man-in-the-middle attack
14464| [11617] Microsoft Windows 2000 MS03-007 patch is not installed on the system
14465| [11546] Microsoft Windows 2000 Windows Help Facility .cnt file buffer overflow
14466| [11329] Microsoft Windows NT and 2000 cmd.exe CD path name buffer overflow
14467| [11274] Microsoft Windows 2000 NetBIOS continuation packets denial of service
14468| [11273] Microsoft Windows 2000 RPC service could allow an attacker to gain elevated privileges
14469| [11216] Microsoft Windows NT and 2000 command prompt denial of service
14470| [11141] Microsoft Windows 2000 Terminal Services MSGINA.DLL denial of service
14471| [11133] Microsoft Outlook 2002 using V1 Exchange Server Security certificates transmits plaintext emails
14472| [10843] Microsoft Windows 2000 and XP SMB signing group policy modification
14473| [10431] Microsoft Windows 2000 SNMP LANMAN Extension memory leak denial of service
14474| [10400] Microsoft Windows 2000 RPC TCP port 135 denial of service
14475| [10377] Microsoft Windows XP and 2000 administrative alerts fail when security event log is full
14476| [10199] Microsoft Windows 2000/XP PPTP packet buffer overflow
14477| [10195] Microsoft FrontPage Server Extensions (FPSE) 2002 SmartHTML Interpreter buffer overflow
14478| [10194] Microsoft FrontPage Server Extensions (FPSE) 2000 SmartHTML Interpreter denial of service
14479| [9946] Microsoft Windows 2000 Terminal Services session screensaver fails to lock the console
14480| [9856] Microsoft Windows 2000 NCM handler routine could allow elevated privileges
14481| [9779] Microsoft Windows 2000 weak system partition permissions
14482| [9752] Microsoft Windows 2000 Service Pack 3 is not installed
14483| [9746] Microsoft Windows 2000 HTML Help item parameter buffer overflow
14484| [9625] Microsoft Windows 2000 Narrator allows login information to be audible
14485| [9154] Microsoft Data Engine (MSDE) and Microsoft SQL Server 2000 Desktop Engine have a default blank "
14486| [8867] Microsoft Windows 2000 LanMan denial of service
14487| [8813] Microsoft Windows 2000 Terminal Services allows attacker to bypass group policy settings
14488| [8759] Microsoft Windows 2000 could allow an attacker to block the application of Group Policy settings
14489| [8752] Microsoft Windows NT, 2000, and XP MUP buffer overflow
14490| [8739] Microsoft Windows 2000 DCOM memory leak
14491| [8708] Microsoft Outlook 2000 and 2002 executes embedded script in object tag when replying or forwarding HTML mail
14492| [8402] Microsoft Windows 2000 allows an attacker to bypass password policy
14493| [8307] Microsoft Windows 2000, Windows XP, and Exchange 2000 SMTP data transfer command denial of service
14494| [8304] Microsoft Windows 2000 and Exchange 5.5 SMTP service unauthorized mail privileges
14495| [8254] Microsoft Commerce Server 2000 AuthFilter ISAPI filter buffer overflow
14496| [8199] Microsoft Windows 2000 Terminal Services unlocked client
14497| [8094] Microsoft Windows 2000 and Interix 2.2 Telnet protocol option buffer overflow
14498| [8092] Microsoft Exchange 2000 System Attendant sets incorrect registry permissions
14499| [8043] Microsoft Windows NT, 2000, and XP using NTFS could allow files to be hidden
14500| [8037] Microsoft Windows 2000 empty TCP packet denial of service
14501| [8023] Microsoft Windows NT and Windows 2000 SIDs could allow an attacker to gain elevated privileges in another domain
14502| [7919] Microsoft IIS 4.0 and Norton Internet Security 2001 default permissions could allow an attacker to modify log files
14503| [7667] Microsoft Windows 2000 IKE UDP packet flood denial of service
14504| [7566] Microsoft IIS 2.0 and 3.0 upgraded to Microsoft IIS 4.0 fails to remove the ism.dll file
14505| [7538] Microsoft Windows 2000 and XP Terminal services allow an attacker to spoof IP addresses
14506| [7533] Microsoft Windows 2000 RunAs service denial of service
14507| [7532] Microsoft Windows 2000 RunAs service allows local attacker to bypass pipe authentication
14508| [7531] Microsoft Windows 2000 RunAs service reveals sensitive information
14509| [7528] Microsoft Windows NT and Windows 2000 malformed RPC request denial of service
14510| [7409] Microsoft Windows 2000 and Windows XP GDI denial of service
14511| [7302] Microsoft Windows NT and 2000 Terminal Server malformed RDP packet series denial of service
14512| [7008] Microsoft Windows 2000 IrDA device denial of service
14513| [6977] Microsoft Windows NT and 2000 NNTP memory leak denial of service
14514| [6931] Microsoft Windows 2000 without Service Pack 2
14515| [6919] Microsoft Windows 2000 Task Manager does not terminate malicious files with the same name as a system process
14516| [6912] Microsoft Windows NT and 2000 Terminal Server RDP memory leak denial of service
14517| [6876] Microsoft Windows 2000 could allow an attacker to change network passwords
14518| [6803] Microsoft Windows 2000 SMTP service allows mail relaying
14519| [6745] Microsoft Windows 2000 LDAP function could allow domain user password change
14520| [6669] Microsoft Windows 2000 Telnet system call denial of service
14521| [6668] Microsoft Windows 2000 Telnet handle leak denial of service
14522| [6667] Microsoft Windows 2000 Telnet multiple idle sessions denial of service
14523| [6666] Microsoft Windows 2000 Telnet username denial of service
14524| [6665] Microsoft Windows 2000 Telnet service weak domain authentication
14525| [6664] Microsoft Windows 2000 Telnet service predictable pipe names could allow elevation of privileges
14526| [6652] Microsoft Exchange 2000 OWA script execution
14527| [6590] Microsoft Windows 2000 debug registers allow attacker to gain elevated privileges
14528| [6506] Microsoft Windows 2000 Server Kerberos denial of service
14529| [6443] Microsoft Windows 2000 catalog file could remove installed hotfixes
14530| [6160] Microsoft Windows 2000 event viewer buffer overflow
14531| [6136] Microsoft Windows 2000 domain controller denial of service
14532| [6035] Microsoft Windows 2000 Server RDP denial of service
14533| [5973] Microsoft Windows 2000 EFS allows local user to recover sensitive data
14534| [5936] Microsoft Windows 2000 Server Directory Service Restore Mode allows user to login with blank password
14535| [5800] Microsoft Windows 2000 Index Service ActiveX controls allow unauthorized access to file information
14536| [5623] Microsoft Windows NT and 2000 Phone Book service buffer overflow
14537| [5598] Microsoft Windows 2000 Telnet daemon could allow a denial of service
14538| [5585] Microsoft Windows 2000 brute force attack
14539| [5502] Microsoft Windows 2000 Indexing Services ixsso.query
14540| [5467] Microsoft Windows 2000 System Monitor ActiveX control buffer overflow
14541| [5399] Microsoft Windows NT and 2000 Network Monitor buffer overflow
14542| [5301] Microsoft Windows 2000 Simplified Chinese IME State Recognition
14543| [5263] Microsoft Office 2000 executes .dll without users knowledge
14544| [5242] Microsoft Windows 2000 Telnet client NTLM authentication weakness
14545| [5222] Microsoft Windows 2000 malformed RPC packet denial of service
14546| [5203] Microsoft Windows 2000 still image service
14547| [5171] Microsoft Windows 2000 Local Security Policy corruption
14548| [5080] Microsoft Office 2000 HTML object tag buffer overflow
14549| [5033] Microsoft Windows 2000 without Service Pack 1
14550| [5031] Microsoft Windows 2000 Service Control Manager named pipe could allow a unauthorized user to gain privileges
14551| [5015] Microsoft Windows NT and 2000 executable path
14552| [4887] Microsoft Windows 2000 Kerberos ticket renewed
14553| [4886] Microsoft Windows 2000 logon session reconnected
14554| [4885] Microsoft Windows 2000 logon session disconnected
14555| [4882] Microsoft Windows 2000 Kerberos pre-authentication failed
14556| [4873] Microsoft Windows 2000 user account mapped for logon
14557| [4872] Microsoft Windows 2000 account logon failed
14558| [4871] Microsoft Windows 2000 account used for logon
14559| [4855] Microsoft Windows 2000 group type change
14560| [4842] Microsoft Internet Explorer and Microsoft Powerpoint 2000 ActiveX object execution
14561| [4841] Microsoft Internet Explorer and Microsoft Access 2000 VBA code execution
14562| [4823] Microsoft Windows 2000 Telnet server binary stream denial of service
14563| [4819] Microsoft Windows 2000 default SYSKEY configuration
14564| [4787] Microsoft Windows 2000 user account locked out
14565| [4786] Microsoft Windows 2000 computer account created
14566| [4785] Microsoft Windows 2000 computer account changed
14567| [4784] Microsoft Windows 2000 computer account deleted
14568| [4714] Microsoft Windows 2000 "
14569| [4589] Microsoft Windows 2000 protected store can be compromised by brute force attack
14570| [4278] Microsoft Windows 2000 unattended install does not secure All Users profile
14571| [4138] Microsoft Windows 2000 system file integrity feature is disabled
14572| [4086] Microsoft Windows 2000 may not start Jaz drives correctly
14573| [4085] Microsoft Windows 2000 non-Gregorial calendar error
14574| [4084] Microsoft Windows 2000 may prevent Adobe FrameMaker files from being saved in some formats
14575| [4083] Microsoft Windows 2000 Terminal Services may damage Office files saved as HTML
14576| [4082] Microsoft Windows 2000 and Iomega parallel port drives display error
14577| [4080] Microsoft Windows 2000 AOL image support
14578| [4079] Microsoft Windows 2000 High Encryption Pack
14579| [3854] Microsoft Office 2000 security setting
14580| [1376] Microsoft Proxy 2.0 denial of service
14777| [66423] Microsoft Windows kernel-mode driver (win32k.sys) variant 29 privilege escalation
14778| [66422] Microsoft Windows kernel-mode driver (win32k.sys) variant 28 privilege escalation
14779| [66421] Microsoft Windows kernel-mode driver (win32k.sys) variant 27 privilege escalation
14780| [66420] Microsoft Windows kernel-mode driver (win32k.sys) variant 26 privilege escalation
14781| [66419] Microsoft Windows kernel-mode driver (win32k.sys) variant 25 privilege escalation
14782| [66418] Microsoft Windows kernel-mode driver (win32k.sys) variant 24 privilege escalation
14783| [66417] Microsoft Windows kernel-mode driver (win32k.sys) variant 23 privilege escalation
14784| [66416] Microsoft Windows kernel-mode driver (win32k.sys) variant 22 privilege escalation
14785| [66415] Microsoft Windows kernel-mode driver (win32k.sys) variant 21 privilege escalation
14786| [66414] Microsoft Windows kernel-mode driver (win32k.sys) variant 20 privilege escalation
14787| [66396] Microsoft Windows kernel-mode driver (win32k.sys) variant 2 privilege escalation
14857| [17004] Microsoft Windows XP Service Pack 2 is not installed on the system
14858| [9187] Microsoft Passport SDK 2.1 Component Configuration Document (CCD) permission
14859| [9146] Microsoft Passport SDK 2.1 events reporting disabled
14860| [9068] Microsoft Passport SDK 2.1 registry default permission exposure
14861| [9067] Microsoft Passport SDK 2.1 default test site exposure
14862| [9066] Microsoft Passport SDK 2.1 Adventure Works Sample Site exposure
14863| [9065] Microsoft Passport SDK 2.1 Adventure Works Sample Site global.asa file default permission exposure
14864| [9064] Microsoft Passport SDK 2.1 default time window exposure
14865| [1271] Microsoft IIS version 2 installed
14866| [621] Microsoft IIS 3.0 script source revealed by appending 2E to requests
14867|
14868| Exploit-DB - https://www.exploit-db.com:
14869| [30756] Microsoft Forms 2.0 ActiveX Control 2.0 Memory Access Violation Denial of Service Vulnerabilities
14870| [30749] Microsoft Office 2003 Web Component Memory Access Violation Denial of Service Vulnerability
14871| [30636] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (2)
14872| [30635] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (1)
14873| [30281] Microsoft .Net Framework <= 2.0 - Multiple Null Byte Injection Vulnerabilities
14874| [29664] Microsoft Office Publisher 2007 - Remote Denial of Service (DoS) Vulnerability
14875| [29660] Microsoft Office 2003 - Denial of Service (DoS) Vulnerability
14876| [29630] Microsoft Windows 2003/XP ReadDirectoryChangesW Information Disclosure Vulnerability
14877| [29524] Microsoft Word 2000 - Malformed Function Code Execution Vulnerability
14878| [28420] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
14879| [28357] Microsoft Windows Explorer 2000/2003/XP Drag and Drop Remote Code Execution Vulnerability
14880| [28227] Microsoft Windows 2000/XP Registry Access Local Denial of Service Vulnerability
14881| [28226] Microsoft PowerPoint 2003 PPT File Closure Memory Corruption
14882| [28225] Microsoft PowerPoint 2003 powerpnt.exe Unspecified Issue
14883| [28224] Microsoft PowerPoint 2003 mso.dll PPT Processing Unspecified Code Execution
14884| [28198] Microsoft Office 2000/2002 Property Code Execution Vulnerability
14885| [28189] Microsoft Excel 2000-2004 Style Handling and Repair Remote Code Execution Vulnerability
14886| [28087] Microsoft Office 2003 Embedded Shockwave Flash Object Security Bypass Weakness
14887| [28005] Microsoft Exchange Server 2000/2003 Outlook Web Access Script Injection Vulnerability
14888| [26690] Microsoft Windows 2000/2003/XP CreateRemoteThread Local Denial of Service Vulnerability
14889| [26517] Microsoft Office PowerPoint 2007 - Crash PoC
14890| [26341] Microsoft Windows 2000/2003/XP MSDTC TIP Denial of Service Vulnerability
14891| [26222] Microsoft Windows 2000/2003/XP Keyboard Event Privilege Escalation Weakness
14892| [25384] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (2)
14893| [25383] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (1)
14894| [25231] Microsoft Windows 2000/2003/XP Graphical Device Interface Library Denial of Service Vulnerability
14895| [25085] Microsoft Office XP 2000/2002 HTML Link Processing Remote Buffer Overflow Vulnerability
14896| [25084] Microsoft Outlook 2003 Web Access Login Form Remote URI Redirection Vulnerability
14897| [25050] Microsoft Windows 2000/2003/XP winhlp32 Phrase Heap Overflow Vulnerability
14898| [25049] Microsoft Windows 2000/2003/XP winhlp32 Phrase Integer Overflow Vulnerability
14899| [24686] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
14900| [24277] Microsoft Windows 2000/NT 4 POSIX Subsystem Buffer Overflow Local Privilege Escalation Vulnerability
14901| [24114] Microsoft Outlook 2003Mail Client E-mail Address Verification Weakness
14902| [24101] Microsoft Outlook 2003 Predictable File Location Weakness
14903| [23989] Microsoft Windows 2000/NT 4 Local Descriptor Table Local Privilege Escalation Vulnerability
14904| [23796] Microsoft Outlook 2002 Mailto Parameter Quoting Zone Bypass Vulnerability
14905| [23019] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
14906| [22919] Microsoft ISA Server 2000 Cross-Site Scripting Vulnerabilities
14907| [22883] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (2)
14908| [22882] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (1)
14909| [22837] Microsoft Windows 2000/NT 4 Media Services NSIISlog.DLL Remote Buffer Overflow
14910| [22782] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
14911| [22591] Microsoft Office Excel 2007 - WriteAV Crash PoC
14912| [22555] Microsoft BizTalk Server 2000/2002 DTA RawCustomSearchField.asp SQL Injection
14913| [22554] Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability
14914| [22553] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
14915| [22528] Microsoft Windows 2000 RegEdit.EXE Registry Key Value Buffer Overflow Vulnerability
14916| [22354] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
14917| [21920] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
14918| [21718] Microsoft SQL 2000/7.0 Agent Jobs Privilege Elevation Vulnerability
14919| [21693] Microsoft SQL Server 2000 User Authentication Remote Buffer Overflow Vulnerability
14920| [21652] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
14921| [21651] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
14922| [21650] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
14923| [21549] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
14924| [21541] Microsoft SQL Server 2000 SQLXML Script Injection Vulnerability
14925| [21540] Microsoft SQL Server 2000 SQLXML Buffer Overflow Vulnerability
14926| [21389] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (2)
14927| [21388] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (1)
14928| [21344] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
14929| [21258] Microsoft Windows 2000/NT 4 NTFS File Hiding Vulnerability
14930| [21246] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (2)
14931| [21245] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (1)
14932| [21172] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (2)
14933| [21171] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (1)
14934| [21131] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
14935| [21123] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
14936| [21113] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
14937| [21099] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
14938| [21069] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
14939| [20907] Microsoft Windows 2000 Telnet Username DoS Vulnerability
14940| [20802] Microsoft IIS 2.0/3.0 Long URL Denial of Service Vulnerability
14941| [20763] Microsoft ISA Server 2000 Web Proxy DoS Vulnerability
14942| [20571] Microsoft Outlook 2000 0/98 0/Express 5.5 Concealed Attachment Vulnerability
14943| [20481] Microsoft IIS 2.0/3.0 Appended Dot Script Source Disclosure Vulnerability
14944| [20399] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
14945| [20335] Microsoft Indexing Services for Windows 2000/NT 4.0 .htw Cross-Site Scripting Vulnerability
14946| [20305] Microsoft Site Server 2.0 with IIS 4.0 - File Upload Vulnerability
14947| [20265] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
14948| [20257] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
14949| [20255] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
14950| [20222] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
14951| [20209] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
14952| [20133] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
14953| [20122] Microsoft Office SharePoint Server 2007 Remote Code Execution
14954| [20096] Microsoft IIS 2.0/3.0/4.0/5.0/5.1 Internal IP Address Disclosure Vulnerability
14955| [20048] Microsoft Windows 2000 Remote CPU-overload Vulnerability
14956| [20047] Microsoft Windows 2000 Telnet Server DoS Vulnerability
14957| [19830] Microsoft Index Server 2.0 '%20' ASP Source Disclosure Vulnerability
14958| [19742] microsoft iis 3.0/4.0,microsoft index server 2.0 - Directory Traversal
14959| [19734] Microsoft Virtual Machine 2000 Series/3000 Series getSystemResource Vulnerability
14960| [19731] microsoft index server 2.0/indexing services for windows 2000 - Directory Traversal
14961| [19728] Microsoft Systems Management Server 2.0 Default Permissions Vulnerability
14962| [19425] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (2)
14963| [19424] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (1)
14964| [19376] Microsoft IIS 2.0/3.0/4.0 ISAPI GetExtensionVersion() Vulnerability
14965| [19143] "Microsoft Windows ""April Fools 2001"" Vulnerability"
14966| [19118] Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability
14967| [18334] Microsoft Office 2003 Home/Pro 0day
14968| [18087] MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
14969| [18078] Microsoft Excel 2003 11.8335.8333 Use After Free
14970| [18067] Microsoft Excel 2007 SP2 Buffer Overwrite Exploit
14971| [17305] "Microsoft Windows Vista/Server 2008 ""nsiproxy.sys"" Local Kernel DoS Exploit"
14972| [14971] MOAUB #11 - Microsoft Office Word 2007 sprmCMajority Buffer Overflow
14973| [14782] Microsoft Office PowerPoint 2007 DLL Hijacking Exploit (rpawinet.dll)
14974| [14746] Microsoft Office Groove 2007 DLL Hijacking Exploit (mso.dll)
14975| [14744] Microsoft Visio 2003 DLL Hijacking Exploit (mfc71enu.dll)
14976| [12450] Microsoft SharePoint Server 2007 XSS Vulnerability
14977| [10068] Microsoft Windows 2000-2008 Embedded OpenType Font Engine Remote Code Execution
14978| [4121] Microsoft Excel 2000/2003 Sheet Name Vulnerability PoC
14979| [3973] Microsoft Office 2000 (OUACTRL.OCX 1.0.1.9) - Remote DoS Exploit
14980| [3690] microsoft office word 2007 - Multiple Vulnerabilities
14981| [3260] Microsoft Word 2000 Unspecified Code Execution Exploit (0day)
14982| [2523] Microsoft Office 2003 PPT Local Buffer Overflow PoC
14983| [2091] Microsoft PowerPoint 2003 SP2 Local Code Execution Exploit (french)
14984| [2001] Microsoft Word 2000/2003 Unchecked Boundary Condition Vulnerability
14985| [1999] Microsoft Word 2000/2003 Hlink Local Buffer Overflow Exploit PoC
14986| [1988] Microsoft Excel 2003 Hlink Local Buffer Overflow Exploit (italian)
14987| [1986] Microsoft Excel 2000/2003 Hlink Local Buffer Overflow Exploit (french)
14988| [1958] Microsoft Excel 2003 Hlink Stack/SEH Buffer Overflow Exploit
14989| [28238] Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Vulnerability MS13-067
14990| [23034] Microsoft URLScan 2.5/ RSA Security SecurID 5.0 Configuration Enumeration Weakness
14991| [22850] Microsoft Office OneNote 2010 Crash PoC
14992| [22679] Microsoft Visio 2010 Crash PoC
14993| [22655] Microsoft Publisher 2013 Crash PoC
14994| [22621] Microsoft Netmeeting 2.1/3.0.1 4.4.3385 CALLTO URL Buffer Overflow Vulnerability
14995| [22330] Microsoft Office Excel 2010 Crash PoC
14996| [22310] Microsoft Office Publisher 2010 Crash PoC
14997| [22237] Microsoft Office Picture Manager 2010 Crash PoC
14998| [22215] Microsoft Office Word 2010 Crash PoC
14999| [19451] Microsoft Windows 98 a/98 b/98SE,Solaris 2.6 IRDP Vulnerability
15000| [19440] Microsoft Windows NT 4.0/SP 1/SP 2/Sp 3/SP 4/SP 5 Malformed Dialer Entry Vulnerability
15001| [19372] Microsoft Windows NT 4.0/SP 1/SP 2/SP 3/SP 4/SP 5 Null Session Admin Name Vulnerability
15002| [17164] Microsoft Reader <= 2.1.1.3143 NULL Byte Write
15003| [17163] Microsoft Reader <= 2.1.1.3143 Array Overflow
15004| [17162] Microsoft Reader <= 2.1.1.3143 Integer Overflow
15005| [17161] Microsoft Reader <= 2.1.1.3143 Heap Overflow
15006| [17160] Microsoft Reader <= 2.1.1.3143 Integer Overflow
15007| [14731] Microsoft Windows Movie Maker <= 2.6.4038.0 DLL Hijacking Exploit (hhctrl.ocx)
15008| [14723] Microsoft Power Point 2010 DLL Hijacking Exploit (pptimpconv.dll)
15009|
15010| OpenVAS (Nessus) - http://www.openvas.org:
15011| [902250] Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability
15012| [900125] Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability
15013| [801597] Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
15014| [801596] Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
15015| [801594] Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
15016| [800687] Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability
15017| [800577] Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
15018| [800343] Microsoft Word 2007 Sensitive Information Disclosure Vulnerability
15019| [103254] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
15020| [11992] Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
15021| [902931] Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
15022| [902678] Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
15023| [901210] Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)
15024|
15025| SecurityTracker - https://www.securitytracker.com:
15026| [1015347] Microsoft Windows 2000 Kernel APC Queue Bug Lets Local Users Gain Elevated Privileges
15027| [1013454] Microsoft Office InfoPath 2003 May Disclose System and Authentication Information to Remote Users
15028| [1013284] Microsoft Windows 2000 and XP Group Policy Can Be Bypassed By Microsoft Office Applications and By Flash Drives
15029| [1010687] Microsoft Windows 2000/NT POSIX Subsystem Buffer Overflow Lets Local Users Gain Elevated Privileges
15030| [1010352] Microsoft Windows 2000 Domains With Eight Characters May Let Remote Users With Expired Passwords Login
15031| [1010189] Microsoft Outlook 2003 Scripting Restrictions Can Be Bypassed By Remote Users
15032| [1010125] Microsoft Outlook 2003 Lets Remote Users Send E-mail to Cause the Recipient's Client to Contact a Remote Server
15033| [1009767] Microsoft Windows 2000 Domain Controller LDAP Flaw May Let Remote Users Restart the Authentication Service
15034| [1008324] Microsoft Exchange 2003 With Outlook Web Access and Windows SharePoint Services May Grant Incorrect E-mail Account Access to Remote Authenticated Users
15035| [1007905] Microsoft Windows Server 2003 Shell Folders Can Be Referenced Using Directory Traversal Characters
15036| [1007238] Microsoft Outlook Web Access Can Be Crashed By Remote Authenticated Users With an Outlook 2003 Client
15037| [1007152] Microsoft Windows 2000 Accessibility Utility Manager Lets Local Users Gain Elevated Privileges
15038| [1007099] Microsoft Windows 2000 ShellExecute() Buffer Overflow May Let Users Execute Arbitrary Code
15039| [1007093] Microsoft Active Directory Stack Overflow in 'Lsaas.exe' Lets Remote Users Crash the Windows 2000 Server
15040| [1006959] Microsoft Windows Server 2003 Drivers May Leak Information From Memory Via Ethernet Packets Containing TCP Streams
15041| [1006580] Microsoft Windows 2003 'win2k.sys' Printing Bug Lets Users Crash the System
15042| [1006534] Microsoft Proxy Service in Proxy Server 2.0 Has Unspecified Flaw That Lets Remote Users Stop Traffic
15043| [1006286] Microsoft Windows 2000/XP PostMessage() API Flaw May Let Local Users Grab Passwords from Local Dialog Boxes
15044| [1006280] Protegrity Secure.Data for Microsoft SQL Server 2000 Contains Buffer Oveflows That Let Remote Users Execute Arbitrary Code
15045| [1005254] Microsoft NT, 2000, and XP Operating Systems May Execute a 16-bit Application Even When The File Has No Execute Permissions
15046| [1005068] Microsoft NTFS Filesystem in Windows NT and Windows 2000 Has Auditing Hole That Lets Local Users Access Files Without the File Access Being Audited
15047| [1004587] Microsoft SQL Server 2000 Buffer Overflow in OpenDataSource() Function May Let Remote Users Gain SYSTEM Privileges on the Server
15048| [1004528] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains an Input Validation Flaw in an XML SQL Tag That Allows Cross-Site Scripting Attacks
15049| [1004527] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains a Buffer Overflow That Lets Remote Users Take Full Control of the System
15050| [1004407] Microsoft Exchange 2000 Flaw in Processing a Certain Malformed SMTP Command Allows Remote Users to Deny Service to the Server
15051| [1004357] Microsoft Windows Debugging Facility for Windows NT4 and 2000 Has Authentication Hole That Lets Local Users Execute Arbitrary Code with SYSTEM Privileges
15052| [1004083] Microsoft Windows 2000 'microsoft-ds' Service Flaw Allows Remote Users to Create Denial of Service Conditions By Sending Malformed Packets
15053| [1004022] Microsoft Windows 2000 Group Policy Object Enforcement Can Be Circumvented if User License Limits are Exceeded
15054| [1003975] Microsoft Windows NT, 2000, and XP Kernel Buffer Overflow in Processing Multiple UNC Provider (MUP) Requests May Let Local Users Obtain System Level Privileges
15055| [1003949] Microsoft Windows 2000 DCOM Implementation Flaw May Disclose Memory Contents to Remote Users
15056| [1003816] Microsoft Windows 2000 Automatic Log Off Policy Fails to Expire Sessions in Progress
15057| [1003688] Microsoft Exchange Server 2000 Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
15058| [1003687] Microsoft Windows 2000 and Windows XP SMTP Service Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
15059| [1003634] Microsoft XML Core Services in SQL Server 2000 Lets Remote Scripts Access and Send Local Files
15060| [1003629] Microsoft Commerce Server 2000 AuthFilter Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server With LocalSystem Privileges to Gain Full Control of the Server
15061| [1003472] Microsoft Telnet Server for Windows 2000 and for Interix Has a Buffer Overflow That May Let Remote Users Execute Code on the Server with System Level Privileges
15062| [1003469] Microsoft Exchange 2000 Server Allows Remote Users to View and Possibly Modify Registry Settings
15063| [1003402] Microsoft Windows NT 4.0 and Windows 2000 Domain Controllers May Give Elevated Privileges to Remote Users Who Are Valid Administrators on Other Trusted Domains
15064| [1002922] Microsoft Windows 2000 Internet Key Exchange (IKE) Service Can Be Crashed By Remote Users
15065| [1002754] Terminal Services on Microsoft Windows 2000 and XP Allow Remote Users to Log Bogus IP Addresses Instead of the User's Genuine Address
15066| [1002731] Microsoft Windows 2000 RunAs Service May Disclose Authentication Credentials to Local Users
15067| [1002730] Microsoft Windows 2000 RunAs Utility May Disclose Sensitive Information to Local Users
15068| [1002729] Microsoft Windows 2000 RunAs Service Allows Local Users to Disable the Service
15069| [1002356] Microsoft Outlook 2000 Animated Assistant Prevents the Screen Saver from Activating, Allowing Physically Local Users to Access the System
15070| [1002206] Microsoft Internet Security and Acceleration (ISA) Server 2000 Can Be Disrupted By Remote Users Due to Memory Leaks and Also Allows Cross-Site Scripting Attacks
15071| [1002106] Microsoft Windows 2000 and Windows NT 4.0 RPC Input Validation Failure Lets Remote Users Destabilize the Operating System
15072| [1002099] Microsoft Windows 2000 Telnet Service Can Be Crashed By Remote Users
15073| [1002098] Windows Terminal Services in Microsoft Windows 2000 and NT 4.0 Can Be Crashed By Remote Users Due to a Memory Leak
15074| [1001993] Microsoft Windows 2000, Linux 2.4, NetBSD, FreeBSD, and OpenBSD May Let Remote Users Affect TCP Performance
15075| [1001931] Microsoft Windows 2000 SMTP Service May Allow Unauthorized Remote Users to Relay E-mail via the Service
15076| [1001832] Microsoft Windows 2000 LDAP Server Lets Remote Users Gain Administrator Access to the Domain Controller When Configured to Support LDAP over SSL
15077| [1001701] Microsoft Windows 2000 Telnet Server Allows Local Users to Gain System-Level Privileges and Lets Remote Users Crash the Server
15078| [1001605] Microsoft Windows 2000 Allows Local Users to Elevate Privileges
15079| [1001565] Microsoft IIS Web Server on Windows 2000 Allows Remote Users to Cause the Server to Consume All Available Memory Due to Memory Leak in WebDAV Lock Method
15080| [1001513] Microsoft Windows 2000 Indexing Service Allows Remote Users to View Include Programming Files
15081| [1001501] Microsoft Windows 2000 Domain Controllers Can Be Effectively Halted By Remote Users
15082| [1001464] Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server
15083| [1001240] Microsoft FTP Client for Windows 2000 Still Vulnerable to Executing Arbitrary Code in Limited Situations
15084| [1001088] Microsoft Internet Explorer with Services for Unix 2.0 Can Create Malicious Files on the User's Host
15085|
15086| OSVDB - http://www.osvdb.org:
15087| [90257] Microsoft Windows Server 2003 ICACLS.EXE Permission Inheritance Weakness
15088| [86790] Microsoft Virtual PC 2007 Crafted x86 Instruction Sequence Handling Local DoS
15089| [86061] Microsoft Windows Server 2008 R1 CSRSS ReadConsole / CloseHandle Local DoS
15090| [79442] Microsoft Windows Server 2008 DNS Server Service Cache Update Policy Deleted Domain Name Resolving Weakness
15091| [72670] Microsoft Windows Server 2003 ActiveDirectory BROWSER ELECTION Remote Overflow
15092| [68554] Microsoft Windows Server 2008 Shared Cluster Disks Addition Default Permission Weakness
15093| [62251] Microsoft Windows Server 2008 Hyper-V Crafted Instruction Sequence DoS
15094| [60329] Microsoft Windows 2000 NetBIOS Continuation Packet Remote DoS
15095| [59733] Microsoft Windows 2000 Terminal Services Screensaver Screen Minimization Locking Weakness
15096| [59731] Microsoft Windows 2000 DCOM Client Alter Context Request Remote Information Disclosure
15097| [59730] Microsoft Windows 2000 Terminal Services Disconnect Feature Local Privilege Escalation
15098| [59514] Microsoft Windows 2000 Task Manager Uppercase Process Name Termination Weakness
15099| [59509] Microsoft Windows 2000 Encrypted File System Cleartext Backup File Local Disclosure
15100| [59346] Microsoft Windows 2000 Crafted TCP/UDP Traffic CPU Consumption Remote DoS
15101| [55836] Microsoft ISA Server 2006 Radius OTP Security Bypass
15102| [53663] Microsoft Office Word 2000 WordPerfect 6.x Converter Document Handling Stack Corruption
15103| [50589] Microsoft SQL Server 2000 sp_replwritetovarbin() Stored Procedure Overflow
15104| [37629] Microsoft Windows 2000 RPC Authentication Unspecified Information Disclosure
15105| [37628] Microsoft Windows 2000 RPC Authentication Crafted Request Remote DoS
15106| [36034] Microsoft Office 2000 Controllo ActiveX (OUACTRL.OCX) HelpPopup Method Overflow
15107| [34489] Microsoft Office 2003 Malformed WMF File Handling DoS
15108| [34488] Microsoft Excel 2003 XLS Handling Corrupt Format DoS
15109| [31251] Microsoft Office 2003 Brazilian Portuguese Grammar Checker Arbitrary Code Execution
15110| [29529] Microsoft Windows 2000 creator.dll ActiveX COM Object Memory Corruption
15111| [29528] Microsoft Windows 2000 msdxm.ocx ActiveX COM Object Memory Corruption
15112| [29527] Microsoft Windows 2000 myinfo.dll ActiveX COM Object Memory Corruption
15113| [29526] Microsoft Windows 2000 ciodm.dll ActiveX COM Object Memory Corruption
15114| [28539] Microsoft Word 2000 Unspecified Code Execution
15115| [24121] Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass
15116| [24081] Microsoft Outlook 2003 Unspecified Malformed Word Attachment DoS
15117| [23484] Microsoft SQLServer 2000 sp_addalias Procedure Privileged Alias Creation
15118| [23234] Microsoft SQLServer 2000 Unspecified Invalid Client Buffer DoS
15119| [23231] Microsoft SQL Server 2000 SQL Profiler Multiple Method DoS
15120| [23205] Microsoft SQLServer 2000 Crafted Sort Command User Mode Scheduler (UMS) Bypass DoS
15121| [23203] Microsoft SQL Server 2000 Database Name Transact-SQL Statement Privilege Escalation
15122| [23202] Microsoft SQLServer 2000 sysmembers Virtual Table Query Overflow
15123| [23201] Microsoft SQL Server 2000 Dynamic Transact-SQL Statement Disclosure
15124| [23200] Microsoft SQLServer 2000 Encrypted Stored Procedure Dynamic Query Disclosure
15125| [21907] Microsoft Office InfoPath 2003 Mshtml.dll Form Handling DoS
15126| [21598] Microsoft Windows 2000 NetBIOS Port Malformed TCP Packet Parsing Remote DoS
15127| [20256] Microsoft Windows 2000 NTFS Volume Macintosh Client Directory Permission Modification
15128| [20222] Microsoft Windows 2000 runas.exe Named Pipe Spoofing Information Disclosure
15129| [20221] Microsoft Windows 2000 runas.exe Named Pipe Single Thread DoS
15130| [20220] Microsoft Windows 2000 runas.exe Cleartext Authentication Information Disclosure
15131| [20002] Microsoft Windows 2000 CHKDSK Fix Mode File ACL Failure
15132| [20001] Microsoft Windows 2000 Terminal Service Client Connection IP Logging Failure
15133| [20000] Microsoft Windows 2000 Domain Administrator Computer Lock Bypass
15134| [19999] Microsoft Windows 2000 FQDN Domain Login Password Expiry Bypass
15135| [19998] Microsoft Windows 2000 UPN Credentialed Login Group Policy Failure
15136| [19997] Microsoft Windows 2000 WideCharToMultiByte Function String Termination Issue
15137| [19996] Microsoft Windows 2000 Event ID 1704 Group Policy Failure
15138| [19995] Microsoft Windows 2000 SECEDIT Long Folder ACL Set Issue
15139| [19994] Microsoft Windows 2000 audit directory service access 565 Event Logging Failure
15140| [19993] Microsoft Windows 2000 LDAPS CA Trust Issue
15141| [19264] Microsoft Exchange Server 2003 Crafted IMAP4 Folder Listing Request DoS
15142| [17031] Microsoft ISA Server 2000 SecureNAT Traffic Saturation DoS
15143| [15343] Microsoft Windows Server 2003 Malformed HTTP Cookie Header CGI DoS
15144| [15341] Microsoft Windows Server 2003 SMB Redirector Processing DoS
15145| [15340] Microsoft Windows Server 2003 Terminal Service Client Print DoS
15146| [15338] Microsoft Windows Server 2003 Terminal Session Close DoS
15147| [15337] Microsoft Windows Server 2003 CreateProcessWithLogonW() Function Process Disclosure
15148| [15336] Microsoft Windows Server 2003 Shutdown.exe Shut Down Failure
15149| [15335] Microsoft Windows Server 2003 MIT Kerberos Realm Authentication Group Policy Failure
15150| [15334] Microsoft Windows Server 2003 Shared Folder Permission Weakness
15151| [15333] Microsoft Windows Server 2003 EFS File Copy LDAP Connection DoS
15152| [15332] Microsoft Windows Server 2003 Citrix Metaframe Encryption Policy Failure
15153| [15331] Microsoft Windows Server 2003 Home Folder Path Permission Inheritance Failure
15154| [14617] Microsoft Exchange Server 2003 Folder Handling DoS
15155| [14430] Microsoft Commerce Server 2000 Profile Service Affected API Overflow
15156| [13996] Microsoft Windows 2000 IKE Malformed Packet Saturation Remote DoS
15157| [13762] Microsoft 2000 Domain Controller Directory Service Restore Mode Blank Password
15158| [13761] Microsoft Exchange 2000 Malformed URL Request DoS
15159| [13475] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution Variant
15160| [13474] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution
15161| [13441] Microsoft Windows 2000 Security Interface Change Password Option Account Enumeration
15162| [13437] Microsoft Windows 2000 Debug Register Local Privilege Escalation
15163| [13424] Microsoft Windows 2000 Current Password Change Policy Bypass
15164| [13423] Microsoft Windows 2000 Terminal Server SYSVOL Share Connection Saturation Restriction Bypass
15165| [13415] Microsoft Windows 2000 System Root Folder Search Path Permission Weakness
15166| [13410] Microsoft Windows 2000 Accessibility Utility Manager Arbitrary Code Execution
15167| [11958] Microsoft Outlook 2003 Image Rendering Security Policy Bypass
15168| [11945] Microsoft Outlook 2002 IFRAME Tag Embedded URL
15169| [11944] Microsoft Outlook 2002 HREF Tag Embedded JavaScript Execution
15170| [11750] Microsoft Windows 2000 Message Queue Manager Queue Registration Request Overflow DoS
15171| [11712] Microsoft ISA Server 2000 H.323 Filter Overflow
15172| [10633] Microsoft Windows 2000 Protected Store Weak Encryption Default
15173| [9386] Microsoft Windows 2000 msinfo32.exe msinfo_file Variable Overflow
15174| [8243] Microsoft SMS Port 2702 DoS
15175| [7202] Microsoft PowerPoint 2000 File Loader Overflow
15176| [7179] Microsoft Windows 2000 Event Viewer Snap-in Overflow
15177| [6971] Microsoft ISA Server 2000 ICMP Rule Bypass During Startup
15178| [6970] Microsoft ISA Server 2000 Web Publishing Unencrypted Credentials Disclosure
15179| [6969] Microsoft ISA Server 2000 Invalid DNS Request DoS
15180| [6968] Microsoft ISA Server 2000 FTP Port Scan Bounce Weakness
15181| [6967] Microsoft ISA Server 2000 UDP Packet Winsock DoS
15182| [6965] Microsoft ISA Server 2000 SSL Packet DoS
15183| [6964] Microsoft ISA Server 2000 DNS Intrusion Detection Filter DoS
15184| [6515] Microsoft Windows 2000 Domain Expired Account Authentication
15185| [5179] Microsoft Windows 2000 microsoft-ds DoS
15186| [5171] Microsoft Word 2002 Mail Merge Tool Execute Arbitrary Script
15187| [4779] Microsoft Desktop Engine (MSDE) 2000 Stored Procedure SQL Injection
15188| [4778] Microsoft SQL Server 2000 Stored Procedure SQL Injection
15189| [4777] Microsoft Desktop Engine (MSDE) 2000 Database Consistency Checkers (DBCCs) Overflow
15190| [4776] Microsoft SQL Server 2000 Database Consistency Checkers (DBCCs) 2000 Overflow
15191| [4170] Microsoft Windows 2000 Server Media Services TCP Packet Handling Remote DoS
15192| [4168] Microsoft Outlook 2002 mailto URI Script Injection
15193| [3490] Microsoft Exchange 2003 OWA Mailbox Access Information Disclosure
15194| [2705] Microsoft Windows 2000 Windows Troubleshooter ActiveX Overflow
15195| [2655] Microsoft Windows Server 2003 Shell Folders Arbitrary File Access
15196| [2540] Microsoft Windows 2003 Server Buffer Overflow Protection Mechanism Bypass
15197| [2244] Microsoft Windows 2000 ShellExecute() API Let
15198| [2237] Microsoft Windows 2000 Active Directory Lsass.exe Overflow
15199| [1949] Symantec Norton Anti-Virus for Microsoft Exchange 2000 INBOX Path Information Disclosure
15200| [1764] Microsoft Windows 2000 Domain Controller DoS
15201| [1758] Microsoft Windows 2000 Network DDE Escalated Privileges
15202| [1755] Microsoft Windows 2000 RDP Malformed Packet Handling Remote DoS
15203| [1672] Microsoft Windows 2000 Telnet Session Timeout DoS
15204| [1633] Microsoft Windows 2000 System Monitor ActiveX LogFileName Parameter Validation Overflow
15205| [1621] Microsoft Indexing Services for Windows 2000 .htw XSS
15206| [1591] Microsoft Windows 2000 OEMPreinstall Installation Permission Weakness
15207| [1578] Microsoft Windows 2000 Simplified Chinese IME Local Privilege Escalation
15208| [1500] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow
15209| [1437] Microsoft Windows 2000 Telnet Server Binary Zero Parsing Remote DoS
15210| [1399] Microsoft Windows 2000 Windows Station Access
15211| [1328] Microsoft Office 2000 UA Control ActiveX (Ouactrl.ocx) Show Me Function Remote Code Execution
15212| [1297] Microsoft Windows 2000 Active Directory Object Attribute
15213| [1292] Microsoft Windows NT 4.0 / 2000 cmd.exe Buffer Overflow
15214| [773] Microsoft Windows 2000 Group Policy File Lock DoS
15215| [515] Microsoft Windows 2000 LDAP Server Arbitrary User Password Modification
15216| [454] Microsoft Windows 2000 NTLM Domain Account Lockout Policy Bypass
15217| [403] Microsoft Windows 2000 Still Image Service WM_USER Message Local Overflow
15218| [398] Microsoft Windows 2000 Malformed RPC Traffic Local Security Policy Corruption DoS
15219| [307] Microsoft FrontPage 2000 Server Extensions shtml.exe Path Disclosure
15220| [69085] Microsoft Office 2010 RTF File Handling pFragments Buffer Overflow Arbitrary Code Execution
15221|_
445/tcp closed microsoft-ds
Device type: general purpose
Running (JUST GUESSING): Linux 2.6.X (90%), Microsoft Windows 2016 (85%)
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:microsoft:windows_server_2016
Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (90%), Microsoft Windows Server 2016 (85%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 1.811 days (since Wed Oct 16 05:50:37 2019)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=256 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

TRACEROUTE (using port 445/tcp)
HOP RTT       ADDRESS
1   272.39 ms 10.253.204.1
2   272.38 ms 212.175.8.35

NSE: Script Post-scanning.
Initiating NSE at 01:19
Completed NSE at 01:19, 0.00s elapsed
Initiating NSE at 01:19
Completed NSE at 01:19, 0.00s elapsed
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-18 01:19 EDT
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 01:19
Completed NSE at 01:19, 0.00s elapsed
Initiating NSE at 01:19
Completed NSE at 01:19, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 01:19
Completed Parallel DNS resolution of 1 host. at 01:19, 1.97s elapsed
Initiating UDP Scan at 01:19
Scanning 212.175.8.35 [15 ports]
Completed UDP Scan at 01:19, 4.80s elapsed (15 total ports)
Initiating Service scan at 01:19
Scanning 13 services on 212.175.8.35
Service scan Timing: About 7.69% done; ETC: 01:40 (0:19:36 remaining)
Completed Service scan at 01:20, 102.58s elapsed (13 services on 1 host)
Initiating OS detection (try #1) against 212.175.8.35
Retrying OS detection (try #2) against 212.175.8.35
Initiating Traceroute at 01:21
Completed Traceroute at 01:21, 7.23s elapsed
Initiating Parallel DNS resolution of 1 host. at 01:21
Completed Parallel DNS resolution of 1 host. at 01:21, 0.00s elapsed
NSE: Script scanning 212.175.8.35.
Initiating NSE at 01:21
Completed NSE at 01:21, 7.80s elapsed
Initiating NSE at 01:21
Completed NSE at 01:21, 1.94s elapsed
Nmap scan report for 212.175.8.35
Host is up (0.26s latency).

PORT     STATE         SERVICE      VERSION
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
137/udp  filtered      netbios-ns
138/udp  filtered      netbios-dgm
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
500/udp  open|filtered isakmp
|_ike-version: ERROR: Script execution failed (use -d to debug)
520/udp  open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using port 137/udp)
HOP RTT       ADDRESS
1   100.51 ms 10.253.204.1
2   ... 3
4   101.22 ms 10.253.204.1
5   186.84 ms 10.253.204.1
6   186.82 ms 10.253.204.1
7   186.81 ms 10.253.204.1
8   186.81 ms 10.253.204.1
9   186.80 ms 10.253.204.1
10  186.79 ms 10.253.204.1
11  ... 18
19  106.22 ms 10.253.204.1
20  100.39 ms 10.253.204.1
21  ... 27
28  99.71 ms  10.253.204.1
29  102.10 ms 10.253.204.1
30  99.67 ms  10.253.204.1

NSE: Script Post-scanning.
Initiating NSE at 01:21
Completed NSE at 01:21, 0.00s elapsed
Initiating NSE at 01:21
Completed NSE at 01:21, 0.00s elapsed
#######################################################################################################################################
Hosts
=====

address       mac  name  os_name  os_flavor  os_sp  purpose  info  comments
-------       ---  ----  -------  ---------  -----  -------  ----  --------
212.175.8.35             Linux               2.6.X  server

Services
========

host          port  proto  name          state     info
----          ----  -----  ----          -----     ----
212.175.8.35  25    tcp    smtp          closed
212.175.8.35  53    udp    domain        unknown
212.175.8.35  67    udp    dhcps         unknown
212.175.8.35  68    udp    dhcpc         unknown
212.175.8.35  69    udp    tftp          unknown
212.175.8.35  80    tcp    http          open      Microsoft HTTPAPI httpd 2.0 SSDP/UPnP
212.175.8.35  88    udp    kerberos-sec  unknown
212.175.8.35  123   udp    ntp           unknown
212.175.8.35  137   udp    netbios-ns    filtered
212.175.8.35  138   udp    netbios-dgm   filtered
212.175.8.35  139   tcp    netbios-ssn   closed
212.175.8.35  139   udp    netbios-ssn   unknown
212.175.8.35  161   udp    snmp          unknown
212.175.8.35  162   udp    snmptrap      unknown
212.175.8.35  389   udp    ldap          unknown
212.175.8.35  443   tcp    ssl/http      open      Microsoft HTTPAPI httpd 2.0 SSDP/UPnP
212.175.8.35  445   tcp    microsoft-ds  closed
212.175.8.35  500   udp    isakmp        unknown
212.175.8.35  520   udp    route         unknown
212.175.8.35  2049  udp    nfs           unknown
#######################################################################################################################################
Anonymous JTSEC #OpTurkey Full Recon #15